laravel-debug-error: Larvel Debug Method Enabled

漏洞描述

PoC代码[已公开]

id: laravel-debug-error

info:
  name: Larvel Debug Method Enabled
  author: dhiyaneshDK
  severity: medium
  description: Larvel Debug method is enabled.
  metadata:
    max-request: 1
  tags: debug,laravel,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}///////this-should-not-exist,.<>!@#$%^&*()_+"
      - "{{BaseURL}}/%00"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - <title>Whoops! There was an error
# digest: 4a0a004730450220271456fdd04d88fe0b445338f15cb03f02e4710d8930351a08cf6ab4fae1301a022100d2047a4f27cde7c9112ac9889720885b6472d068d7e69ff0262c8596157b96ae:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2017-16894: Laravel <5.5.21 - Information Disclosure
• POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
• POC CVE-2022-40734: Laravel Filemanager v2.5.1 - Local File Inclusion
• POC CVE-2017-16894: Laravel .env 配置文件泄露
• POC CVE-2021-3129: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
• POC CVE-2022-40734: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
• POC laravel-improper-webdir: Laravel Improper Webdir
• POC blade-oob: Laravel Blade 11.27.2 - Out of Band Template Injection
• POC laravel-env: Laravel - Sensitive Information Disclosure
• POC laravel-log-file: Laravel log file publicly accessible
• POC laravel-telescope: Laravel Telescope Disclosure
• POC laravel-debug-enabled: Laravel Debug Enabled
• POC laravel-horizon-unauth: Laravel Horizon Dashboard - Unauthenticated