laravel-log-file: Laravel log file publicly accessible

Date: 2025-08-01 | Affected software: Laravel | POC: public

Vulnerability description

The log file of this Laravel web app might reveal details on the inner workings of the app, possibly even tokens, credentials or personal information.

PoC code [public]

id: laravel-log-file

info:
  name: Laravel log file publicly accessible
  author: sheikhrishad,geeknik
  severity: high
  description: The log file of this Laravel web app might reveal details on the inner workings of the app, possibly even tokens, credentials or personal information.
  reference:
    - https://laravel.com/docs/master/logging
  metadata:
    max-request: 1
  tags: laravel,logs,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/storage/logs/laravel.log"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "InvalidArgumentException"
          - "local.ERROR"
          - "ErrorException"
          - "syntax error"
        condition: or

      - type: word
        part: header
        words:
          - "text/plain"
          - "text/x-log"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a00473045022013d8ea6e1932825d2bb50407b71a6ac17d3bdfb9c5c33563861f527457e2097c022100e072b0d78a05a8ac2e395ddd05a0a2610d37758893e58c0b6e5f1b27030628e3:922c64590222798bb761d5b6d8e72950
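
The template's three matchers only flag a response when all of them pass (`matchers-condition: and`), while the words inside each word matcher are alternatives (`condition: or`). The following added example, which is not part of the original template or of any project's code, re-implements that logic offline so the decision can be checked against responses from your own deployment; the function names and the sample responses are constructed for illustration.

```python
# Added example: offline re-implementation of the template's matcher logic.
# The sample responses below are constructed, not captured from a real host.

BODY_WORDS = ("InvalidArgumentException", "local.ERROR", "ErrorException", "syntax error")
HEADER_WORDS = ("text/plain", "text/x-log")


def evaluate(status, headers, body):
    """Return the result of each matcher for one HTTP response.

    headers is a dict. As with the template's `part: header`, the words are
    searched in the whole header block, case-sensitively.
    """
    header_block = "\r\n".join(f"{k}: {v}" for k, v in headers.items())
    return {
        "body_word": any(w in body for w in BODY_WORDS),              # condition: or
        "header_word": any(w in header_block for w in HEADER_WORDS),  # condition: or
        "status": status == 200,
    }


def is_exposed(status, headers, body):
    """matchers-condition: and -> every matcher must pass."""
    return all(evaluate(status, headers, body).values())


# Constructed sample responses: (status, headers, body)
SAMPLES = {
    "exposed log": (200, {"Content-Type": "text/plain"},
                    "[2025-01-01 00:00:00] local.ERROR: Undefined variable $user "
                    '{"exception":"[object] (ErrorException(code: 0) ...'),
    "html error page": (200, {"Content-Type": "text/html; charset=UTF-8"},
                        "<html><body>ErrorException in routes/web.php</body></html>"),
    "denied by web server": (403, {"Content-Type": "text/plain"}, "Forbidden"),
    "unrelated text file": (200, {"Content-Type": "text/plain"}, "User-agent: *\nDisallow:"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:22} exposed={is_exposed(*resp)} {evaluate(*resp)}")
```

In a standard Laravel deployment the web server's document root is the `public/` directory, so `storage/logs/` is not reachable over HTTP and the first sample should never occur.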
