laravel-telescope: Laravel Telescope Disclosure

Date: 2025-08-01 | Affected software: laravel-telescope | PoC: public

Vulnerability description

Telescope provides insight into the requests coming into your application, exceptions, log entries, database queries, queued jobs, mail, notifications, cache operations, scheduled tasks, variable dumps, and more.

PoC code [public]

id: laravel-telescope

info:
  name: Laravel Telescope Disclosure
  author: geeknik
  severity: medium
  description: Telescope provides insight into the requests coming into your application, exceptions, log entries, database queries, queued jobs, mail, notifications, cache operations, scheduled tasks, variable dumps, and more.
  reference:
    - https://laravel.com/docs/8.x/telescope
  metadata:
    max-request: 1
  tags: laravel,disclosure,logs,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/telescope/requests"

    host-redirects: true
    matchers:
      - type: word
        words:
          - "<title>Telescope</title>"
          - "Requests"
          - "Commands"
          - "Schedule"
        condition: and
# digest: 4a0a00473045022062a245055b85872ebb61b45c6fb7539fb13ae414f464abf9e89d5a325135bf29022100b466f2dc860f39276ae691f618b5f18e4e582d8270869fada289a285e758b5a9:922c64590222798bb761d5b6d8e72950
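
A defender-side check, added here as an example and not part of the original template or the Telescope project: it scans web-server access logs for requests under the `/telescope` path probed above and reports which clients actually received a 2xx response. The Combined Log Format, the status-code grouping, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: Combined Log Format (nginx/Apache default style).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TELESCOPE_PREFIX = "/telescope"  # prefix of the path requested by the template

def classify(status):
    """Map an HTTP status to what it implies about dashboard exposure."""
    if 200 <= status < 300:
        return "served"    # content was returned to this client
    if status in (301, 302, 303, 307, 308, 401, 403):
        return "blocked"   # redirected (e.g. to a login page) or denied
    return "other"         # 404, 5xx, ...

def telescope_hits(lines):
    """Return {client_ip: {"served"|"blocked"|"other": [paths]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]
        if path == TELESCOPE_PREFIX or path.startswith(TELESCOPE_PREFIX + "/"):
            hits[m["ip"]][classify(int(m["status"]))].append(path)
    return {ip: dict(v) for ip, v in hits.items()}

def exposed_clients(lines, trusted=()):
    """Clients outside `trusted` that got a 2xx from a Telescope path."""
    return sorted(ip for ip, v in telescope_hits(lines).items()
                  if "served" in v and ip not in trusted)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Aug/2025:10:00:01 +0000] "GET /telescope/requests HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Aug/2025:10:00:05 +0000] "GET /telescope/requests HTTP/1.1" 403 162 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Aug/2025:10:01:00 +0000] "GET /telescope HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Aug/2025:10:02:00 +0000] "GET /telescopes/list HTTP/1.1" 200 80 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Aug/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip in exposed_clients(SAMPLE, trusted={"192.0.2.10"}):
        print(ip, telescope_hits(SAMPLE)[ip])
```

A 2xx to an address outside the trusted set means the dashboard was served to that client; a redirect or 403 on the same path indicates access control is answering instead.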