cve/CVE-2017-16894.md at 8d17e0c8f8dcf0cf9abdcefadf7dbc6d73d1b980

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 8d17e0c8f8 Update CVE sources 2024-08-24 17:55

2024-08-24 17:55:21 +00:00

Description

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.

POC

Reference

http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html

Github

https://github.com/0day404/vulnerability-poc
https://github.com/20142995/Goby
https://github.com/ARPSyndicate/cvemon
https://github.com/ArrestX/--POC
https://github.com/Gutem/scans-exploits
https://github.com/H4ckTh3W0r1d/Goby_POC
https://github.com/HimmelAward/Goby_POC
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/Miraitowa70/POC-Notes
https://github.com/SexyBeast233/SecBooks
https://github.com/Threekiii/Awesome-POC
https://github.com/Z0fhack/Goby_POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/qiuluo-oss/Tiger
https://github.com/v4p0r/rooon-fiuuu

1.5 KiB Raw Blame History

CVE-2017-16894

Description

POC

Reference

Github

1.5 KiB

Raw Blame History