Home > PHP Framework > Laravel > How Laravel fixes website vulnerabilities

How Laravel fixes website vulnerabilities

藏色散人
Release: 2020-06-12 15:11:50
forward
3860 people have browsed it

The following tutorial column is developed by Laravel to introduce you to Laravel's method of repairing website vulnerabilities. I hope it will be helpful to friends in need!

How Laravel fixes website vulnerabilities

The Laravel framework is a development framework currently used by many websites and APP operators. Because there are so many websites used, many attackers are constantly attacking We conducted vulnerability testing on the website. When we conducted vulnerability testing on the system, we found that there was a REC vulnerability. It was mainly an XSRF vulnerability. Let's analyze the vulnerability in detail, how to exploit it, and how to fix it. Record.

The exploitation of this Laravel REC vulnerability requires conditions. The APP_KEY must be leaked before it can be successfully exploited and triggered. Our SINE security technology discovered a total of There are two places where website vulnerabilities can occur. The first is the cookies field in the Post packet, and the other is the HTTP header field where malicious total code can be inserted into the website backend.

Let’s build it Let’s take a look at the environment for website vulnerability testing. We use linux centos system, PHP5.5 version, the database is mysql, and it is built using apache environment. The Laravel version used is 5.6.28. First, we go to the official website to download the version and unzip it to the apache setting. Website directory path. First of all, in our post data, we can see that in our code, we will call more than a dozen classes, call objects in the classes, and assign parameters. In the cookies and verifycsrftoken values, we found that app_key can be used for vulnerability exploitation. First we use cookies to reproduce it:

How Laravel fixes website vulnerabilities

The code is as follows:

POST / HTTP/1.2
Host: 127.0.0.2:80
Cookie: safe_SESSION=PHPSTORM; 5LqG5L+d6K+B5omA6L6T5Ye655qE57yW56CB5L2N5Y+v6K+75a2X56ym77yMQmFzZTY05Yi25a6a5LqG5LiA5Liq57yW56CB6KGo77yM5Lul5L6/6L+b6KGM57uf5LiA6L2s5o2i44CC57yW56CB6KGo55qE5aSn5bCP5Li6Ml42PTY077yM6L+Z5Lmf5pivQmFzZTY05ZCN56ew55qE55Sx5p2l44CCDQoNCkJhc2U2NOe8lueggeihqA==;
Content-Type: application/x-www-form-
Connection: open
Content-Length: 1
Copy after login

The above code is in the cookies column. The encrypted value is what we want The forged attack code submits the POST request to the website. It will first decrypt the APP_key and assign it a value. If the decryption is successful, the value in the cookies will be verified and deserialized, and then If the vulnerability occurs, the RCE vulnerability will be triggered.

Let’s test the vulnerability using the http header method. First, we will construct a code similar to cookies, as follows:

POST / HTTP/1.2
Host: 127.0.0.2:80
X-XSRF-TOKEN: +B5omA6L6T5Ye655qE57yW56CB5L2N5Y+v6K+75a2X56ym77yMQmFzZTY05Yi25a6a5LqG5LiA5Liq57yW56CB6KGo77yM5Lul5L6/6L+b6KGM57uf5LiA6L2s5o2i44CC57yW56CB6KGo55qE5aSn5bCP5Li6Ml42PTY077yM6L+Z5Lmf5pivQmFzZTY05ZCN56ew55qE55Sx5p2l44CCDQoNCkJhc2U2NOe8lueggeihqA==;
Content-Type: application/x-www-form-
Connection: open
Content-Length: 1
Copy after login

How Laravel fixes website vulnerabilities

Look here at the X-XSRF-TOKEN: value. The Laravel framework will judge and verify this value during the submission process. If the decryption is successful, the deserialization operation will be performed. I won’t go through it one by one here. Introduction and explanation.

How to fix Laravel's vulnerability?

Our SINE security technology upgraded the Laravel version and found that the latest 5.6.30 version has the rce vulnerability Repairs have been made. From our code comparison, we can see that the decryption and parsing operations of cookies have been judged, and the static::serialized() value has been written more. This is also added to X-XSRF-TOKEN. Value. If you don’t know much about the code, you can also find a professional website security company to repair it. This is the website vulnerability detection and testing for Laravel. I also hope that through this sharing, more people can understand it. Website vulnerabilities, the causes of vulnerabilities, and how to fix them. Only when the website is safe can we open up our hands and feet to develop the market and do a good job in marketing.

The above is the detailed content of How Laravel fixes website vulnerabilities. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:aliyun.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template