so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer


CVE-2018-15133 - Laravel RCE

Larascript is a script which take advantage from CVE-2018-15133 and can execute remote commands if a vulnerable Laravel app is exposed. You can send commands and get response such as get cat /etc/passwd. But you also can ask for a shell so it gives you a reverse shell.

It has some argument personalization so you can specify what type of reverse shell you get (bash or sh), what reverse shell language use to retrieve the shell (PHP, bash, mkfifo, Python…) or the Laravel RCE method (1,2,3 or 4). It also provides a good shell interaction and references to the shell treatment or Linux privilege escalation. CVE-2018-15133: Laravel RCE