CVE-2019-9081_poc // forked and tested by ph-arm as of 29 nov 2021
Need to hit an unsafe "unserialize" to get it working. Poc for CVE-2019-9081, this CVE is just a new POP chain. The project is a pre-built vulnerable Laravel 5.7.x application with an entry point for POI vulnerability at URI /deserialize (POST-request).
Lab setup:
Install the bricks as superuser :
sudo apt-get install php-xml composer
Starting the vulnerable application:
git clone https://github.com/nth347/CVE-2019-9081_poc.git
cd CVE-2019-9081
composer install
cp ./.env.example ./.env
php artisan serve
Reminder to change the key (need to be 32 char long)
Usage:
Obtaining payload:
php CVE-2019-8091_poc.php
Sending payload to the application using a POST request to URI /deserialize, via a parameter named data. and be carefull to hit the endpoint with the header :
Content-Type: Application/x-www-form-urlencoded