Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-15133 PoC — Laravel Framework 安全漏洞

Source
https://github.com/Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader
Associated Vulnerability
Title:Laravel Framework 安全漏洞 (CVE-2018-15133)
Description:In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Description
Laravel-PHP-Unit-RCE (CVE-2018-15133) Auto Exploiter and Shell Uploader
Readme
# License

[![CC0](https://i.creativecommons.org/l/by-nc/4.0/88x31.png)](http://creativecommons.org/licenses/by-nc/4.0/)
File Snapshot

 [4.0K]  /data/pocs/460081d278d3c04557b7cc622b8704a3f81d2f37
├── [ 811]  rce.sh
└── [ 121]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →