laravel-debug-info-leak: Laravel Debug Info Leak

日期: 2025-08-01 | 影响软件: Laravel | POC: 已公开

漏洞描述

Laravel 开启 Debug mode,可能泄露web路径、数据库账号密码等敏感信息

PoC代码[已公开]

id: laravel-debug-info-leak

info:
  name: Laravel Debug Info Leak
  author: Dem0ns
  severity: high
  verified: true
  description: |-
    Laravel 开启 Debug mode,可能泄露web路径、数据库账号密码等敏感信息
  tags: laravel,disclosure
  created: 2023/10/29

rules:
  r0:
    request:
      method: POST
      path: /
    expression: response.status == 405 && response.body.bcontains(b"MethodNotAllowedHttpException") && response.body.bcontains(b"Environment & details") && (response.body.bcontains(b"vendor\\laravel\\framework\\src\\Illuminate\\Routing\\RouteCollection.php") || response.body.bcontains(b"vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php"))
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/disclosure/laravel-debug-info-leak.yaml

相关漏洞推荐