Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-15133 PoC — Laravel Framework 安全漏洞

Source
https://github.com/AzhariKun/CVE-2018-15133
Associated Vulnerability
Title:Laravel Framework 安全漏洞 (CVE-2018-15133)
Description:In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Readme
# CVE-2018-15133

<h2>Laravel Unserialized RCE</h2><br>
<img src="https://github.com/AzhariKun/CVE-2018-15133/blob/main/contoh.jpg"><br>

<span>pip install requests colorama multiprocessing</span>
File Snapshot

 [4.0K]  /data/pocs/47bd2fc114fbc66500515929ebbd29d04b5017c7
├── [114K]  contoh.jpg
├── [1.2K]  rce.py
└── [ 198]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →