## https://sploitus.com/exploit?id=35896337-DA85-5D42-B9FC-4DF2E3EC881E
<h1 align="center">Remote Code Execution: Laravel (CVE-2021-3129)</h1>
<p align="center">
<img src="https://api.visitorbadge.io/api/visitors?path=https%3A%2F%2Fgithub.com%2Fjoshuavanderpoll%2FCVE-2021-3129&label=Views&countColor=%2337d67a" />
<a href="https://www.python.org/">
<img src="https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54" alt="Python">
</a>
</p>
## ๐ Description
This script is designed to exploit the Remote Code Execution (RCE) vulnerability identified in several Laravel versions, known as CVE-2021-3129. By leveraging this vulnerability, the script allows users to write and execute commands on a target website running a vulnerable Laravel instance, provided that the "APP_DEBUG" configuration is set to "true" in the ".env" file.
## ๐ Table of Contents
- ๐ [Description](#-description)
- ๐ ๏ธ [Installation](#๏ธ-installation)
- โ๏ธ [Usage](#๏ธ-usage)
- ๐ [Docker POC](#-docker-poc)
- ๐ป [Example](#-example)
- ๐ฉน [Patch options](#-patch-options)
- ๐ก [Contributing to the project](#-contributing-to-the-project)
- ๐ต๐ผ [References](#-references)
- ๐ข [Disclaimer](#-disclaimer)
## ๐ ๏ธ Installation
> [!NOTE]
> To ensure a clean and isolated environment for the project dependencies, it's recommended to use Python's `venv` module.
### iOS/Linux
```bash
$ git clone https://github.com/joshuavanderpoll/CVE-2021-3129.git
$ cd CVE-2021-3129
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip3 install -r requirements.txt
```
### Windows
```bash
$ git clone https://github.com/joshuavanderpoll/CVE-2021-3129.git
$ cd CVE-2021-3129
$ python -m venv .venv
$ .venv\Scripts\activate
$ pip3 install -r requirements.txt
```
## โ๏ธ Usage

## ๐ Docker POC
```bash
$ docker build -t laravel_vulnerable .
$ docker run -p 8000:8000 laravel_vulnerable
```
## ๐ป Example

## ๐ฉน Patch options
- ``env`` (Updates the .env file to set APP_DEBUG to false)
- ``index`` (Injects code into index.php which prevents access to "/_ignition/execute-solution")
- ``private`` (Same as the index option, but allows specific header to access "_ignition/execute-solution")
## ๐ก Contributing to the project
To contribute, first fork this repository, and `clone` it. Make your changes, whether you're fixing bugs, adding features, or improving translations. When done, `commit` your changes, `push` them, and submit a `pull request` for review to this repostiroy.
### Issues
If you're reporting an issue, make sure to include your `Python version` (python --version), your `PHP version` (php --version), and any relevant command input, and output.
### Translations
For translation contributions, take a look at the `lang/` folder to add or update translations for different languages.
## ๐ต๐ผ References
- https://github.com/ambionics/phpggc
## ๐ข Disclaimer
This tool is provided for educational and research purposes only. The creator assumes no responsibility for any misuse or damage caused by the tool.