The following tutorial column is developed by Laravel to introduce you to Laravel's method of repairing website vulnerabilities. I hope it will be helpful to friends in need!
The Laravel framework is a development framework currently used by many websites and APP operators. Because there are so many websites used, many attackers are constantly attacking We conducted vulnerability testing on the website. When we conducted vulnerability testing on the system, we found that there was a REC vulnerability. It was mainly an XSRF vulnerability. Let's analyze the vulnerability in detail, how to exploit it, and how to fix it. Record.
The exploitation of this Laravel REC vulnerability requires conditions. The APP_KEY must be leaked before it can be successfully exploited and triggered. Our SINE security technology discovered a total of There are two places where website vulnerabilities can occur. The first is the cookies field in the Post packet, and the other is the HTTP header field where malicious total code can be inserted into the website backend.
Let’s build it Let’s take a look at the environment for website vulnerability testing. We use linux centos system, PHP5.5 version, the database is mysql, and it is built using apache environment. The Laravel version used is 5.6.28. First, we go to the official website to download the version and unzip it to the apache setting. Website directory path. First of all, in our post data, we can see that in our code, we will call more than a dozen classes, call objects in the classes, and assign parameters. In the cookies and verifycsrftoken values, we found that app_key can be used for vulnerability exploitation. First we use cookies to reproduce it:
The code is as follows:
POST / HTTP/1.2 Host: 127.0.0.2:80 Cookie: safe_SESSION=PHPSTORM; 5LqG5L+d6K+B5omA6L6T5Ye655qE57yW56CB5L2N5Y+v6K+75a2X56ym77yMQmFzZTY05Yi25a6a5LqG5LiA5Liq57yW56CB6KGo77yM5Lul5L6/6L+b6KGM57uf5LiA6L2s5o2i44CC57yW56CB6KGo55qE5aSn5bCP5Li6Ml42PTY077yM6L+Z5Lmf5pivQmFzZTY05ZCN56ew55qE55Sx5p2l44CCDQoNCkJhc2U2NOe8lueggeihqA==; Content-Type: application/x-www-form- Connection: open Content-Length: 1
The above code is in the cookies column. The encrypted value is what we want The forged attack code submits the POST request to the website. It will first decrypt the APP_key and assign it a value. If the decryption is successful, the value in the cookies will be verified and deserialized, and then If the vulnerability occurs, the RCE vulnerability will be triggered.
Let’s test the vulnerability using the http header method. First, we will construct a code similar to cookies, as follows:
POST / HTTP/1.2 Host: 127.0.0.2:80 X-XSRF-TOKEN: +B5omA6L6T5Ye655qE57yW56CB5L2N5Y+v6K+75a2X56ym77yMQmFzZTY05Yi25a6a5LqG5LiA5Liq57yW56CB6KGo77yM5Lul5L6/6L+b6KGM57uf5LiA6L2s5o2i44CC57yW56CB6KGo55qE5aSn5bCP5Li6Ml42PTY077yM6L+Z5Lmf5pivQmFzZTY05ZCN56ew55qE55Sx5p2l44CCDQoNCkJhc2U2NOe8lueggeihqA==; Content-Type: application/x-www-form- Connection: open Content-Length: 1
Look here at the X-XSRF-TOKEN: value. The Laravel framework will judge and verify this value during the submission process. If the decryption is successful, the deserialization operation will be performed. I won’t go through it one by one here. Introduction and explanation.
How to fix Laravel's vulnerability?
Our SINE security technology upgraded the Laravel version and found that the latest 5.6.30 version has the rce vulnerability Repairs have been made. From our code comparison, we can see that the decryption and parsing operations of cookies have been judged, and the static::serialized() value has been written more. This is also added to X-XSRF-TOKEN. Value. If you don’t know much about the code, you can also find a professional website security company to repair it. This is the website vulnerability detection and testing for Laravel. I also hope that through this sharing, more people can understand it. Website vulnerabilities, the causes of vulnerabilities, and how to fix them. Only when the website is safe can we open up our hands and feet to develop the market and do a good job in marketing.
The above is the detailed content of How Laravel fixes website vulnerabilities. For more information, please follow other related articles on the PHP Chinese website!