CVE-2021-3129

Description

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

NVD

Severity: CRITICAL
CVE ID: CVE-2021-3129
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2021-3129

Refrence: Project Discovery GitHub

ambionics

Exploit for CVE-2021-3129

Refrence: GitHub

SNCKER

Laravel debug rce

Refrence: GitHub

SecPros-Team

Refrence: GitHub

crisprss

Refrence: GitHub

nth347

Exploit for CVE-2021-3129

Refrence: GitHub

FunPhishing

Refrence: GitHub

zhzyker

Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)

Refrence: GitHub

simonlee-hello

CVE-2021-3129-Laravel Debug mode 远程代码执行漏洞

Refrence: GitHub

idea-oss

Refrence: GitHub

knqyf263

PoC for CVE-2021-3129 (Laravel)

Refrence: GitHub

cuongtop4598

Add revert shell

Refrence: GitHub

joshuavanderpoll

Laravel RCE (CVE-2021-3129)

Refrence: GitHub

shadowabi

CVE-2021-3129 POC

Refrence: GitHub

JacobEbben

Unauthenticated RCE in Laravel Debug Mode <8.4.2

Refrence: GitHub

hupe1980

Laravel debug mode - Remote Code Execution (RCE)

Refrence: GitHub

0nion1

CVE-2021-3129-Laravel Debug mode

Refrence: GitHub

MadExploits

CVE-2021-3129 Exploit Checker By ./MrMad

Refrence: GitHub

ajisai-babu

Laravel Debug mode RCE漏洞（CVE-2021-3129）poc / exp

Refrence: GitHub

keyuan15

Laravel RCE CVE-2021-3129

Refrence: GitHub

qaisarafridi

Refrence: GitHub

Zoo1sondv

Refrence: GitHub

miko550

Laravel RCE (CVE-2021-3129)

Refrence: GitHub

withmasday

CVE-2021-3129 | Laravel Debug Mode Vulnerability

Refrence: GitHub

banyaksepuh

Refrence: GitHub

Axianke

CVE-2021-3129

Refrence: GitHub

Content on GitHub

zhzyker | watchers:3278

vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Refrence: GitHub

qaisarafridi | watchers:0

cve-2021-31290

Refrence: GitHub

aurelien-vilminot | watchers:0

ENSIMAG_EXPLOIT_CVE2_3A
Ensimag 3A - Exploit on CVE 2021-3129

Refrence: GitHub