Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)
[*] Try to use Laravel/RCE1 for exploitation.
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:999: InsecureRequestWarning: Unverified HTTPS request is being made to host '128.xxx.xx.x'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
I got connection aborted here
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.6/http/client.py", line 1373, in getresponse
response.begin()
File "/usr/lib/python3.6/http/client.py", line 311, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.6/http/client.py", line 272, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
ConnectionResetError: [Errno 104] Connection reset by peer
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python3.6/dist-packages/six-1.14.0-py3.6.egg/six.py", line 702, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.6/http/client.py", line 1373, in getresponse
response.begin()
File "/usr/lib/python3.6/http/client.py", line 311, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.6/http/client.py", line 272, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "exp.py", line 121, in <module>
main()
File "exp.py", line 118, in main
EXP(sys.argv[1])
File "exp.py", line 111, in __init__
if not self.__vul_check():
File "exp.py", line 49, in __vul_check
res = requests.get(self.__url,verify=False)
File "/usr/lib/python3/dist-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 520, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 630, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 490, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
how?
[*] Try to use Laravel/RCE2 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE2 Result:
[*] Try to use Laravel/RCE3 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE3 Result:
[*] Try to use Laravel/RCE5 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE5 Result:
[*] Try to use Laravel/RCE6 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE6 Result:
[*] Try to use Laravel/RCE7 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE7 Result:
[*] Try to use Monolog/RCE2 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Monolog/RCE2 Result:
[*] Try to use Monolog/RCE3 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Monolog/RCE3 Result:
[*] Try to use Laravel/RCE4 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE4 Result:
[*] Try to use Laravel/RCE1 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Laravel/RCE1 Result:
[*] Try to use Monolog/RCE1 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Monolog/RCE1 Result:
[*] Try to use Monolog/RCE4 for exploitation.
/bin/sh: line 1: php: command not found
[+]exploit:
[*] Monolog/RCE4 Result
I get an error telling: ValueError: substring not found
how can i fix this error?
➜ CVE-2021-3129-main python3 exp.py http://127.0.0.1/
[] Try to use Laravel/RCE1 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE1 Result:
[] Try to use Laravel/RCE2 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE2 Result:
[] Try to use Laravel/RCE3 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE3 Result:
[] Try to use Laravel/RCE4 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE4 Result:
[] Try to use Laravel/RCE5 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE5 Result:
[] Try to use Laravel/RCE6 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE6 Result:
[] Try to use Laravel/RCE7 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Laravel/RCE7 Result:
[] Try to use Monolog/RCE1 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Monolog/RCE1 Result:
[] Try to use Monolog/RCE2 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Monolog/RCE2 Result:
[] Try to use Monolog/RCE3 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Monolog/RCE3 Result:
[] Try to use Monolog/RCE4 for exploitation.
base64: invalid option -- w
Usage: base64 [-hvDd] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-Dd, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
[+]exploit:
[] Monolog/RCE4 Result:
I don't get an alert telling me it is not vulnerable, i get empty results:
[*] Try to use Laravel/RCE1 for exploitation.
[+]exploit:
[*] Laravel/RCE1 Result:
[*] Try to use Laravel/RCE2 for exploitation.
[+]exploit:
[*] Laravel/RCE2 Result:
[*] Try to use Laravel/RCE3 for exploitation.
[+]exploit:
[*] Laravel/RCE3 Result:
[*] Try to use Laravel/RCE4 for exploitation.
[+]exploit:
[*] Laravel/RCE4 Result:
[*] Try to use Laravel/RCE5 for exploitation.
[+]exploit:
[*] Laravel/RCE5 Result:
[*] Try to use Laravel/RCE6 for exploitation.
[+]exploit:
[*] Laravel/RCE6 Result:
[*] Try to use Laravel/RCE7 for exploitation.
[+]exploit:
[*] Laravel/RCE7 Result:
[*] Try to use Monolog/RCE1 for exploitation.
[+]exploit:
[*] Monolog/RCE1 Result:
[*] Try to use Monolog/RCE2 for exploitation.
[+]exploit:
[*] Monolog/RCE2 Result:
[*] Try to use Monolog/RCE3 for exploitation.
[+]exploit:
[*] Monolog/RCE3 Result:
[*] Try to use Monolog/RCE4 for exploitation.
[+]exploit:
[*] Monolog/RCE4 Result:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.