
I want to test the Laravel exploit PoC based on https://github.com/kozmic/laravel-poc-CVE-2018-15133/

I followed the Docker steps to reach the Laravel home page on localhost:8000, then I got the API key and simply put the APIKEY in the PHP command to find the header.

When I sent the POST request with the exploit via curl, I did not get the expected response from the RCE.

Please look at the screenshot below. I certainly followed the README steps.


Is there any bug in the source code, or is there some issue in my usage? Please guide me.

schroeder
james
  • The screenshot clearly shows a response. And furthermore, perhaps including your API key in a public question is not the best idea. –  Aug 19 '19 at 11:17
  • This is not a response to code execution; this is an HTML response. The GitHub source code mentions that after doing the final steps, it returned the "uname -a" execution response. – james Aug 19 '19 at 11:22
  • Please do not post screenshots of text. Copy/paste and use the code formatting tool. – schroeder Aug 19 '19 at 15:23
  • I'm not sure that we can help you. We are not going to review the code and all we can do is to check that you ran all the commands properly. This is a question for the PoC dev. – schroeder Aug 19 '19 at 15:29
  • Please explain this vulnerability a bit. Don't post screenshots with text. Format your code. Write what you have done and what didn't work. Running `exploit.exe` and saying "it didn't work, so help me" is not really great. You need to specify where you got stuck and give some results. – Awaaaaarghhh Aug 19 '19 at 21:45
