I'm trying to build a vulnerable Laravel webserver to exploit CVE-2018-15133.

To exploit this vulnerability, the webserver needs to print out the APP_KEY in the debug view of Laravel. I've installed Laravel 5.5.40, which is vulnerable, and I was able to turn on the debug mode. My problem is that I cannot show the debug key inside the debug view of Laravel.

error view

If I try to print the $_ENV variable inside the controller, it prints out an empty array, while if I print out env('APP_KEY'), it can reach this value.

My goal is to achieve this debug view. image

This picture is taken from this YouTube video.

  • Could you create a github repo of your code and share it? – Coola May 02 '22 at 23:16
  • Of course, here it is: [link](https://github.com/matteosantini/laravel-vuln-5). In order to check the debug view just run the "php artisan serv" and go to http://127.0.0.1:8000/. – matteosantini May 03 '22 at 07:18

0 Answers