
CVE-2024-52301 PoC — Laravel allows environment manipulation via query string

Source
Associated Vulnerability
Title: Laravel allows environment manipulation via query string (CVE-2024-52301)
Description: Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
Description
A bit of research around CVE-2024-52301
Readme
# CVE-2024-52301-Research
A bit of research around CVE-2024-52301. I've seen the vuln and wanted to find out how Laravel is vulnerable. For this, I just diffed the 6.20.44 and 6.20.45 versions, and traced how GET parameters could end up changing the application configuration.

I've written about this on X and BlueSky:
- https://x.com/0xntrm/status/1857504510609965206
- https://bsky.app/profile/ntrm.bsky.social/post/3laz4tkds2k2m

# Contents

This repo contains a simple docker compose file and some PHP:
- phpinfo.php to check whether the `register_argc_argv` directive is on or off
- exploit.php contains the relevant methods from Laravel version 6, stripped of dependencies and unnecessary code

# Run the thing

```bash
docker-compose up -d

curl 'localhost:8000/exploit.php?--env=development'
```
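As an added illustration of the mechanism described above (not Laravel's code and not the repo's exploit.php), here is a simplified PHP model of argv-based environment detection, with the vulnerable pattern beside the SAPI-guarded pattern the fix describes; the `$webRequest` array is constructed to mirror what PHP populates with `register_argc_argv=On`.

```php
<?php
// Added illustration (not Laravel's code): simplified model of environment
// detection that reads "--env=<name>" from $_SERVER['argv'].
// With register_argc_argv=On, PHP also fills $_SERVER['argv'] on web SAPIs by
// splitting QUERY_STRING on '+', so "?--env=development" ends up in argv.

function envFromArgs(?array $args, string $default = 'production'): string
{
    if ($args === null) {
        return $default;
    }
    foreach ($args as $arg) {
        if (strpos($arg, '--env=') === 0) {
            $value = substr($arg, strlen('--env='));
            return $value !== '' ? $value : $default;
        }
    }
    return $default;
}

// Vulnerable pattern: consults argv no matter which SAPI is running.
function detectEnvironmentVulnerable(array $server): string
{
    return envFromArgs($server['argv'] ?? null);
}

// Hardened pattern: argv is only meaningful for console SAPIs; ignore it otherwise.
function detectEnvironmentFixed(array $server, string $sapi): string
{
    $runningInConsole = in_array($sapi, ['cli', 'phpdbg'], true);
    return envFromArgs($runningInConsole ? ($server['argv'] ?? null) : null);
}

// Constructed web request, as PHP presents it with register_argc_argv=On.
$webRequest = [
    'QUERY_STRING' => '--env=development',
    'argv'         => ['--env=development'],
];

// Quick check of the directive on the current interpreter (always On under the CLI SAPI).
echo 'register_argc_argv: ', ini_get('register_argc_argv') ? 'On' : 'Off', PHP_EOL;
echo 'vulnerable (web):  ', detectEnvironmentVulnerable($webRequest), PHP_EOL;
echo 'fixed (fpm-fcgi):  ', detectEnvironmentFixed($webRequest, 'fpm-fcgi'), PHP_EOL;
echo 'fixed (cli):       ', detectEnvironmentFixed(['argv' => ['artisan', '--env=testing']], 'cli'), PHP_EOL;
```

The vulnerable variant returns the query-supplied environment for a web request, while the guarded variant keeps the default there and only honours `--env=` when the SAPI is a console one.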

# Sources
- https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar
- https://securityonline.info/critical-laravel-flaw-cve-2024-52301-exposes-millions-of-web-applications-to-attack/
File Snapshot

[4.0K] /data/pocs/daaca5996a400f64bed0daf4d775c744d6257622
├── [4.0K] app
│   ├── [1.1K] exploit.php
│   └── [  17] phpinfo.php
├── [ 320] docker-compose.yml
└── [1.0K] README.md

1 directory, 4 files