Ignition debug mode RCE in Laravel
CVE-2021-3129 is an unauthenticated remote code execution vulnerability in Ignition, the error page and debugging component used by Laravel and other products. Versions of Ignition before 2.5.2 are affected because of insecure use of file_get_contents() and file_put_contents(). The issue is exploitable when a Laravel application is exposed with debug mode enabled, specifically on sites using Laravel before 8.4.2. Under those conditions, a remote attacker can reach the exposed Ignition functionality and achieve arbitrary code execution on the server without authentication.
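The two preconditions in the description (an Ignition release before 2.5.2 and debug mode enabled) can be checked from a deployment's own files. The following is an added example, not code from Ignition or Laravel. It assumes the version is read from composer.lock and the debug flag from .env, and it treats any APP_DEBUG value that is not clearly "off" as enabled; the sample inputs are constructed.

```python
import json
import re

FIXED_IGNITION = (2, 5, 2)  # per the page: Ignition before 2.5.2 is affected
# Conservative assumption: anything not clearly "off" counts as debug enabled.
FALSY = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}

def parse_version(text):
    """Turn '2.5.1' or 'v2.5.1' into (2, 5, 1); None for non-release strings."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def ignition_version(composer_lock_text):
    """Return the locked facade/ignition version string, or None if absent."""
    lock = json.loads(composer_lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "facade/ignition":
                return pkg.get("version", "")
    return None

def debug_enabled(dotenv_text):
    """Evaluate the last APP_DEBUG assignment; an absent key is treated as off."""
    value = "false"
    for line in dotenv_text.splitlines():
        m = re.match(r"\s*(?:export\s+)?APP_DEBUG\s*=\s*(.*)", line)
        if m:
            value = m.group(1).split(" #")[0].strip().strip("'\"").lower()
    return value not in FALSY

def assess(composer_lock_text, dotenv_text):
    """Combine both preconditions from the description into one verdict."""
    raw = ignition_version(composer_lock_text)
    if raw is None:
        return "ignition-not-found"
    version = parse_version(raw)
    if version is None:
        return "unknown-version:" + raw
    if version >= FIXED_IGNITION:
        return "patched"
    return "exposed" if debug_enabled(dotenv_text) else "vulnerable-version-debug-off"

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = json.dumps({"packages": [{"name": "laravel/framework", "version": "v8.4.1"}],
                          "packages-dev": [{"name": "facade/ignition", "version": "2.5.1"}]})
SAMPLE_ENV = "APP_ENV=production\nAPP_DEBUG=true\n"
```

A "vulnerable-version-debug-off" result still calls for an upgrade, because the debug flag can also be set outside the .env file.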
Exploits
13 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).
This repository contains a single Python exploit script (exp.py) targeting the Laravel Ignition debug handler vulnerability (CVE-2021-3129). The exploit automates the process of achieving remote code execution (RCE) by leveraging multiple PHPGGC gadget chains (Laravel/RCE1-7, Monolog/RCE1-4). The script constructs serialized PHP payloads using PHPGGC, writes them to the Laravel log file, and triggers deserialization via the /_ignition/execute-solution endpoint. The exploit checks for vulnerability, clears the log, injects the payload, and attempts to execute arbitrary commands (e.g., 'id') on the server. The main fingerprintable endpoints are the /_ignition/execute-solution HTTP endpoint and the ../storage/logs/laravel.log file. The script is operational and provides RCE if the target is vulnerable.
This repository contains a Python exploit script (CVE-2021-3129.py) and a README.md. The script targets the Laravel PHP framework (<= 8.4.2) when the 'APP_DEBUG' setting is enabled, exploiting CVE-2021-3129 to achieve remote code execution (RCE). The exploit is interactive, allowing the user to execute arbitrary system commands on the target server, clear or write to the Laravel log file, and attempt to patch the vulnerability. The script validates the target URL, supports multiple exploitation chains, and provides user guidance for available commands. The README.md briefly describes the exploit's purpose and requirements. No hardcoded endpoints are present; the target is specified at runtime. The exploit is operational and provides real RCE capabilities against vulnerable Laravel installations.
This repository is a Proof-of-Concept (PoC) exploit for CVE-2021-3129, a remote code execution vulnerability in Laravel applications using the Ignition debug handler (specifically version 2.5.1). The repository contains a Docker-based environment with two main components: a 'victim' service running a vulnerable Laravel 8.4.2 application with Ignition 2.5.1, and an 'attacker' service containing the exploit script (exploit.py). The exploit leverages PHPGGC to generate a malicious PHP object payload using the monolog/rce1 gadget chain, which is then injected into the Laravel log file and deserialized via the vulnerable endpoint (_ignition/execute-solution). The exploit achieves arbitrary command execution on the victim container, as demonstrated by reading /etc/passwd. The main exploit logic is implemented in Python (attacker/exploit.py), and the environment is orchestrated using Docker Compose. The repository is well-structured for educational and testing purposes, providing a full vulnerable environment and a working exploit.
This repository provides a Python-based exploit for CVE-2021-3129, a Remote Code Execution (RCE) vulnerability affecting Laravel applications with APP_DEBUG enabled. The main exploit script, 'CVE-2021-3129.py', orchestrates the attack by generating serialized PHP payloads (using PHPGGC chains) and injecting them into the Laravel log file. The exploit then triggers the payload via the '/_ignition/execute-solution' HTTP endpoint, resulting in arbitrary command execution on the target server. The script supports multiple exploitation chains for different Laravel and Monolog versions, and can automatically detect the Laravel version and select the appropriate chain. Additional features include clearing logs, writing arbitrary data to logs, and patching the vulnerability by modifying the .env file or index.php. The repository includes a Dockerfile to set up a vulnerable Laravel environment for testing, as well as language files for internationalization. The exploit is operational and provides real RCE capabilities, but also includes options for remediation. The main attack vector is network-based, targeting the '/_ignition/execute-solution' endpoint on Laravel servers with specific misconfigurations.
This repository contains a Python exploit script (CVE-2021-3129.py) and a README.md for CVE-2021-3129, a remote code execution vulnerability in Laravel applications with debug mode enabled. The script can both detect the vulnerability and exploit it to write a PHP webshell ('shell.php') to the target server. The main attack vector is via HTTP requests to the '/_ignition/execute-solution' endpoint, abusing the Ignition package's unsafe deserialization and file operations. The script supports optional proxying and provides clear output on success or failure. The README provides usage instructions, example commands, and legal disclaimers. The exploit is operational, as it provides a working payload (webshell) and automates the full attack chain.
This repository is a full exploit environment and script for CVE-2021-3129, a remote code execution (RCE) vulnerability in Laravel applications with debug mode enabled and the Facade\Ignition package installed. The repository includes a Dockerized vulnerable Laravel environment and a Python exploit script (exploit.py). The exploit works by generating a malicious Phar payload using PHPGGC and injecting it into the Laravel log file. It then triggers deserialization via the /_ignition/execute-solution endpoint, resulting in arbitrary command execution on the server. The exploit script supports multiple Monolog gadget chains for improved reliability. The main endpoints involved are the /_ignition/execute-solution HTTP endpoint and the Laravel log file. The repository is well-structured, with clear separation between the exploit code and the vulnerable application, and is intended for security research and proof-of-concept demonstration.
This repository contains a Python exploit script (laravel-CVE-2021-3129-EXP.py) targeting CVE-2021-3129, a remote code execution vulnerability in Laravel's Ignition debug mode. The exploit works by abusing the /_ignition/execute-solution endpoint to manipulate log files and inject a PHP webshell (fuckyou.php) into the target server. The script automatically detects the target OS (Windows or Linux) and crafts payloads accordingly. Upon successful exploitation, the attacker gains a persistent webshell with a known password ('pass'). The README provides basic usage instructions and an example target URL. The repository is operational and provides a working exploit with a real payload, suitable for post-exploitation access.
This repository is a comprehensive exploit toolkit targeting insecure deserialization vulnerabilities in a wide range of PHP applications and frameworks. The main entry point is 'exp.py', a Python script that automates exploitation of the Laravel Ignition RCE vulnerability (and potentially others) by generating and delivering serialized PHP object payloads (gadget chains) to the vulnerable endpoint '/_ignition/execute-solution'. The repository includes a large collection of PHP gadget chains (under 'gadgetchains/') for various popular PHP libraries and frameworks, such as Laravel, Monolog, CodeIgniter, Doctrine, Drupal, Guzzle, Horde, Laminas, Magento, PHPCSFixer, PHPExcel, Phalcon, Pydio, Slim, Smarty, SwiftMailer, Symfony, TCPDF, ThinkPHP, and WordPress (Dompdf). Each gadget chain enables a specific exploit primitive, such as remote code execution, file write, file delete, SQL injection, SSRF, or information disclosure, depending on the target's installed libraries and versions. The exploit works by:
- Generating a serialized PHP object payload using PHPGGC for the selected gadget chain.
- Encoding the payload and delivering it via a POST request to the Laravel Ignition endpoint.
- Leveraging log file manipulation and deserialization to trigger the exploit and achieve code execution or other effects.
The Dockerfile provides an environment with PHP and Python for running the exploit. The toolkit is operational and can be used to exploit real-world targets, provided the target is vulnerable and the correct gadget chain is selected. The structure is modular, allowing for easy addition of new gadget chains for other PHP libraries.
This repository is a comprehensive exploit toolkit for CVE-2021-3129, a critical remote code execution vulnerability in Laravel applications using the Ignition package. The main exploit script, 'CVE-2021-3129.py', is a Python tool that automates the full exploitation chain: it generates a malicious PHAR payload using the included 'phpggc' PHP tool, injects the payload into the Laravel log file via the Ignition endpoint, converts the log file into a PHAR archive using PHP stream filters, and finally triggers deserialization to achieve arbitrary command execution on the server. The repository includes a large collection of PHP gadget chains (under 'gadgetchains/') for Laravel and Monolog, supporting a wide range of Laravel and Monolog versions and exploitation scenarios. The 'lib/' directory contains the core PHPGGC library for generating serialized payloads. The Dockerfile provides an environment for running the tools. Key endpoints and artifacts include the '/_ignition/execute-solution' HTTP endpoint (used to interact with the vulnerable Laravel instance) and the '../storage/logs/laravel.log' file (used for payload injection). The exploit is highly customizable, allowing the attacker to specify any system command to execute on the target. Overall, this repository provides a weaponized, automated exploit for CVE-2021-3129, leveraging advanced PHP deserialization techniques and a robust set of gadget chains for maximum compatibility and effectiveness.
This repository is a comprehensive exploit toolkit for CVE-2021-3129, a critical remote code execution vulnerability in Laravel's Ignition debug mode. The main exploit script (Exp.py) automates the exploitation process by generating serialized PHP object payloads (Phar files) using various gadget chains (provided in the 'gadgetchains/' directory, compatible with phpggc). The script targets the '/_ignition/execute-solution' endpoint of a vulnerable Laravel application, injecting the payload into the application's log file and then triggering deserialization to achieve RCE. The toolkit supports multiple gadget chains for different PHP libraries and frameworks (e.g., Monolog, Laravel, CakePHP, CodeIgniter, Doctrine, Guzzle, etc.), increasing its effectiveness across a range of target environments. The repository includes a Dockerfile for building a PHP environment with phpggc, and the README provides usage instructions. The exploit is operational and can execute arbitrary commands on the target server, provided the necessary conditions are met (vulnerable Laravel version, exposed endpoint, and appropriate PHP configuration).
This repository contains a working exploit for CVE-2021-3129, a remote code execution vulnerability in Laravel Ignition <= 2.5.1. The exploit is implemented in Python (laravel-ignition-rce.py) and leverages the /_ignition/execute-solution/ HTTP endpoint exposed by Laravel applications in debug mode. The attack involves generating a malicious PHAR file (using PHPGGC), writing it into the Laravel log file, and then triggering deserialization via a crafted wrapper. The exploit script automates the process of clearing logs, injecting the payload, converting the log to a PHAR, and executing the payload to achieve arbitrary command execution. The README provides usage instructions and references the original vulnerability research. The main fingerprintable endpoints are the /_ignition/execute-solution/ HTTP path and the log file at /storage/logs/laravel.log. The exploit is operational and requires the attacker to generate a suitable PHAR payload.
This repository contains a Python exploit script (exploit.py) targeting CVE-2021-3129, a remote code execution vulnerability in Laravel applications using the Ignition package (facade/ignition) version 2.5.1. The exploit works by abusing the /_ignition/execute-solution endpoint to manipulate the Laravel log file, inject a serialized PHPGGC gadget chain payload (as a PHAR file), and trigger its deserialization, resulting in arbitrary command execution on the server. The script automates the process of clearing logs, generating the payload (using PHPGGC), injecting it, converting the log to a PHAR, and triggering deserialization. The README provides setup and usage instructions, including example commands. The main fingerprintable endpoints are the /_ignition/execute-solution HTTP endpoint and the ../storage/logs/laravel.log file. The exploit is operational, requiring a specific vulnerable configuration, and provides full RCE capabilities.
This repository contains a Python exploit script (Laravel_CVE-2021-3129_EXP.py) targeting CVE-2021-3129, a remote code execution vulnerability in Laravel's Ignition package (version 2.5.1). The exploit leverages a gadget chain (Laravel/RCE5) generated by the phpggc tool to craft a malicious serialized PHP payload. The script interacts with the vulnerable Laravel application's _ignition/execute-solution HTTP endpoint, sending specially crafted JSON data to trigger the vulnerability. The exploit workflow involves clearing and manipulating the Laravel log file, injecting the payload, and then triggering deserialization to achieve RCE. The README provides usage notes, version requirements, and references. The repository is structured with a single Python exploit script and a README file, and requires the phpggc tool to be present for payload generation.
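The summaries above repeatedly name the /_ignition/execute-solution endpoint as the fingerprintable artifact and describe a multi-request sequence against it, which makes web access logs a practical detection source. The following is an added example, not taken from any of the listed repositories. It assumes Combined Log Format, assumes that a 404 means the route is not registered, and uses a hypothetical burst threshold of three answered POSTs; the log lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# The summaries list the endpoint with and without a trailing slash.
ENDPOINT = re.compile(r"/_ignition/execute-solution/?(?:\?|$)")

def ignition_hits(log_lines):
    """Count POSTs to the Ignition solution endpoint per client address."""
    hits = defaultdict(lambda: {"posts": 0, "answered": 0})
    for line in log_lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or not ENDPOINT.search(m["path"]):
            continue
        hits[m["ip"]]["posts"] += 1
        # Assumption: a 404 means the route is not registered (debug off);
        # any other status means Ignition itself answered the request.
        if m["status"] != "404":
            hits[m["ip"]]["answered"] += 1
    return dict(hits)

def triage(hits, burst=3):
    """Label each client; several answered POSTs match the multi-step sequence."""
    verdicts = {}
    for ip, h in hits.items():
        if h["answered"] >= burst:
            verdicts[ip] = "likely-exploit-sequence"
        elif h["answered"]:
            verdicts[ip] = "endpoint-exposed"
        else:
            verdicts[ip] = "probe-only"
    return verdicts

# Constructed access-log lines using documentation address ranges.
_T = '{} - - [01/Jan/2024:10:00:0{} +0000] "{} {} HTTP/1.1" {} 512 "-" "-"'
SAMPLE_LOG = [_T.format(*row) for row in [
    ("198.51.100.7", 1, "POST", "/_ignition/execute-solution", 200),
    ("198.51.100.7", 2, "POST", "/_ignition/execute-solution", 200),
    ("198.51.100.7", 3, "POST", "/_ignition/execute-solution/", 200),
    ("198.51.100.7", 4, "POST", "/_ignition/execute-solution", 500),
    ("203.0.113.9", 5, "POST", "/_ignition/execute-solution", 404),
    ("192.0.2.10", 6, "GET", "/", 200),
]]
```

Any "endpoint-exposed" or "likely-exploit-sequence" verdict on a production host means the Ignition route is reachable from outside and the host should be reviewed alongside storage/logs/laravel.log.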
Recent activity
7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A specific Laravel vulnerability that was used as the initial access vector to obtain cloud credentials, enabling the subsequent LLMjacking attack.
A vulnerability additionally targeted by the botnet; the source gives no further details.
A remote code execution vulnerability in Laravel that is being exploited by botnets targeting PHP servers.
Critical RCE vulnerability in Laravel applications when the Ignition debugging component is exposed in production.