Last active
June 4, 2024 14:15
-
-
Save whiteman007/43bd7fa1fa0e47554b33f0cf93066784 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CVE-ID: CVE-2024-29291 | |
Description: | |
A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials. | |
Additional Information: | |
None. | |
Risk: | |
High. | |
Vulnerability Type: | |
Database credential leak vulnerability. | |
Vendor of Product: | |
Laravel Framework. | |
Affected Product Code Base: | |
Laravel FRAMEWORK - 8.* - 11.* | |
Affected Component: | |
laravel.log. | |
Attack Type: | |
Remote. | |
Impact Information Disclosure: | |
True. | |
Attack Vectors: | |
Database credential leak vulnerability. | |
Description: | |
Access to private Database credential data is possible by logging into the website database. Additionally, login data for database access can be retrieved. | |
Proof of concept: | |
Go to any Laravel-based website and navigate to storage/logs/laravel.log. | |
Open the file and search for "PDO->__construct('mysql:host=". | |
The result: | |
shell | |
Copy code | |
#0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) | |
#1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) | |
Credentials: | |
Username: u429384055_jscv | |
Password: Jaly$$a0p0p0p0 | |
Host: sql1... | |
Now you can login to the database. | |
By: Huseein Amer | |
Facebook: https://www.facebook.com/hussein.amer.75491/ | |
The Connector class could make use of the SensitiveParameter attribute. Seems appropriate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Read this documentation https://laravel.com/docs/11.x/filesystem#the-public-disk
it says "The public disk included in your application's filesystems configuration file is intended for files that are going to be publicly accessible. By default, the public disk uses the local driver and stores its files in
storage/app/public
"Thus storage/logs should not be accessible.