CVE-2018-15133 - Laravel Framework - Remote Code Execution 💰 #14598
Description
Description:
Laravel Framework versions 5.5.40 and 5.6.x through 5.6.29 contain a remote code execution caused by unserialize call on untrusted X-XSRF-TOKEN value in Encrypter.php and phpggc gadgetchains, letting attackers with prior access execute arbitrary code, exploit requires attacker to know the application key.
Severity: High
POC:
- http://packetstormsecurity.com/files/153641/PHP-Laravel-Framework-Token-Unserialize-Remote-Command-Execution.html
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/laravel_token_unserialize_exec.rb
- https://github.com/Loaxert/CVE-2018-15133-PoC
- https///github.com:Loaxert/CVE-2018-15133-PoC.git
- https://vulncheck.com/xdb/7fa45a25cb32
- https://github.com/yeahhbean/Laravel-CVE-2018-15133
- https///github.com:yeahhbean/Laravel-CVE-2018-15133.git
- https://vulncheck.com/xdb/45e7d1957c7f
- https://github.com/0xSalle/cve-2018-15133
- https///github.com:0xSalle/cve-2018-15133.git
- https://vulncheck.com/xdb/b31ca993356f
- https://github.com/Cr4zyD14m0nd137/Lab-for-cve-2018-15133
- https///github.com:Cr4zyD14m0nd137/Lab-for-cve-2018-15133.git
- https://vulncheck.com/xdb/3004cb8714e9
- https://github.com/NatteeSetobol/CVE-2018-15133-Lavel-Expliot
- https///github.com:NatteeSetobol/CVE-2018-15133-Lavel-Expliot.git
- https://github.com/AzhariKun/CVE-2018-15133
- https://vulncheck.com/xdb/be7a45b53d16
- https://github.com/pwnedshell/Larascript
- https///github.com:pwnedshell/Larascript.git
- https://vulncheck.com/xdb/2c6de6585be5
- https://github.com/aljavier/exploit_laravel_cve-2018-15133
- https///github.com:aljavier/exploit_laravel_cve-2018-15133.git
- https://vulncheck.com/xdb/0a29cfc05e95
- https://github.com/AlienX2001/better-poc-for-CVE-2018-15133
- https///github.com:AlienX2001/better-poc-for-CVE-2018-15133.git
- https://github.com/bukitbarisan/laravel-rce-cve-2018-15133
- https://vulncheck.com/xdb/b1064b8f348a
- https://github.com/Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader
- https///github.com:Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader.git
- https://vulncheck.com/xdb/8027eabdd92d
- https://github.com/Bilelxdz/Laravel-CVE-2018-15133
- https///github.com:Bilelxdz/Laravel-CVE-2018-15133.git
- https://vulncheck.com/xdb/bb622dfa8b57
- https://github.com/kozmic/laravel-poc-CVE-2018-15133
- https///github.com:kozmic/laravel-poc-CVE-2018-15133.git
KEV: True
Shodan Query: cpe:"cpe:2.3:a:laravel:laravel"
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(
-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.