laravel-debug-enabled: Laravel Debug Enabled

漏洞描述

PoC代码[已公开]

id: laravel-debug-enabled

info:
  name: Laravel Debug Enabled
  author: notsoevilweasel
  severity: medium
  description: |
    Laravel with APP_DEBUG set to true is prone to show verbose errors.
  remediation: |
    Disable Laravel's debug mode by setting APP_DEBUG to false.
  metadata:
    max-request: 1
  tags: debug,laravel,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/_ignition/health-check"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - can_execute_commands

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f7ad81d93311f60c637be3322a011f6787545c6873ff79b167a74b77aa711fa6022100cb2855da07b55a357f77facccdd7d7dcc143728080dbd3019e9079b0c67c90b5:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2017-16894: Laravel <5.5.21 - Information Disclosure
• POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
• POC CVE-2022-40734: Laravel Filemanager v2.5.1 - Local File Inclusion
• POC CVE-2017-16894: Laravel .env 配置文件泄露
• POC CVE-2021-3129: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
• POC CVE-2022-40734: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
• POC laravel-improper-webdir: Laravel Improper Webdir
• POC blade-oob: Laravel Blade 11.27.2 - Out of Band Template Injection
• POC laravel-env: Laravel - Sensitive Information Disclosure
• POC laravel-log-file: Laravel log file publicly accessible
• POC laravel-telescope: Laravel Telescope Disclosure
• POC laravel-debug-error: Larvel Debug Method Enabled
• POC laravel-horizon-unauth: Laravel Horizon Dashboard - Unauthenticated