Vulnerability description
Detected unauthenticated access to the Laravel session storage directory, allowing attackers to browse and download session files that may contain active authentication tokens, CSRF tokens, and serialized user data.
id: laravel-sessions-exposure

info:
  name: Laravel Sessions Folder Exposure
  author: DhiyaneshDk
  severity: high
  description: |
    Detected unauthenticated access to the Laravel session storage directory, allowing attackers to browse and download session files that may contain active authentication tokens, CSRF tokens, and serialized user data.
  metadata:
    max-request: 2
    verified: true
    shodan-query: http.html:"Index of" http.html:"sessions"
    fofa-query: body="Index of" && body="sessions"
  tags: laravel,exposure,misconfig,storage,session

http:
  - method: GET
    path:
      - "{{BaseURL}}/storage/framework/sessions/"
      - "{{BaseURL}}/storage/sessions/"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Index of"
          - "Parent Directory"
          - "<title>Index of"
          - "Directory listing for"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402202c960c38bbbb683f6bd3c418b60e6fa1f1d98fc9279552b95531daf7c66e2ce602201ff9647bf59704de6176a562bc3ec0c489652e1544d5e5171adcd9fb2c9917ed:922c64590222798bb761d5b6d8e72950
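As an added illustration (not part of the template above or of the nuclei project), the following Python re-implements the template's matching rules so a team can verify what the template would flag on its own hosts: the two paths are tried in order, the word matcher and the status matcher are combined with `and`, and the first hit stops the scan. The `Response` dataclass, the `fetch` callback and the example host names are assumptions; the responses are constructed so the code runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Values taken from the template.
PATHS = ["/storage/framework/sessions/", "/storage/sessions/"]
LISTING_MARKERS = ["Index of", "Parent Directory", "<title>Index of", "Directory listing for"]


@dataclass
class Response:  # assumed minimal stand-in for an HTTP client response
    status: int
    body: str


def is_listing_exposed(resp: Response) -> bool:
    """matchers-condition: and -> the word matcher (condition: or, case-sensitive
    substring match on the body) AND the status matcher (200) must both hit."""
    word_hit = any(marker in resp.body for marker in LISTING_MARKERS)
    status_hit = resp.status == 200
    return word_hit and status_hit


def scan(fetch: Callable[[str], Response], base_url: str) -> Optional[str]:
    """Request each path in template order; stop-at-first-match: true means the
    first exposed URL is returned and no further path is requested."""
    for path in PATHS:
        url = base_url + path
        if is_listing_exposed(fetch(url)):
            return url
    return None


def fetch_from(table: Dict[str, Response]) -> Callable[[str], Response]:
    """Build an offline fetch() over a constructed URL -> Response table."""
    return lambda url: table.get(url, Response(404, "<h1>404 Not Found</h1>"))


# Constructed sample host: first path is blocked, second one serves a directory listing.
EXPOSED_SITE = {
    "https://app.example/storage/framework/sessions/": Response(403, "<h1>403 Forbidden</h1>"),
    "https://app.example/storage/sessions/": Response(
        200, "<html><title>Index of /storage/sessions/</title><a href='../'>Parent Directory</a>"),
}
# Constructed sample host where autoindex is off: a 200 page that merely mentions
# "Index of" without a listing is still a hit, which is the template's known false-positive shape.
HARDENED_SITE = {
    "https://app.example/storage/framework/sessions/": Response(404, "<h1>404 Not Found</h1>"),
    "https://app.example/storage/sessions/": Response(403, "<h1>403 Forbidden</h1>"),
}
```

A real run only needs a `fetch` that performs the GET and maps the result onto `Response`; everything else mirrors the template's matcher semantics.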