漏洞描述
Laravel Reverb是The Laravel Framework开源的一个库。为Laravel应用程序带来了实时WebSocket通信。 Laravel Reverb 1.4.0之前版本存在数据伪造问题漏洞,该漏洞源于对发送到Reverb的Pusher兼容API的请求的验证签名未进行验证。
Laravel Reverb 数据伪造问题漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-16894: Laravel <5.5.21 - Information Disclosure
- POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
- POC CVE-2022-40734: Laravel Filemanager v2.5.1 - Local File Inclusion
- POC CVE-2017-16894: Laravel .env 配置文件泄露
- POC CVE-2021-3129: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
- POC CVE-2022-40734: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
- POC laravel-improper-webdir: Laravel Improper Webdir
- POC blade-oob: Laravel Blade 11.27.2 - Out of Band Template Injection
- POC laravel-env: Laravel - Sensitive Information Disclosure
- POC laravel-log-file: Laravel log file publicly accessible
- POC laravel-telescope: Laravel Telescope Disclosure
- POC laravel-debug-enabled: Laravel Debug Enabled
- POC laravel-debug-error: Larvel Debug Method Enabled