hunt-laravel

SKILL.md

HUNT-LARAVEL — Laravel Specific Vulnerabilities

Crown Jewel Targets

Laravel debug mode enabled in production = instant RCE via Ignition (CVE-2021-3129).

Highest-value findings:

  • Ignition RCE (CVE-2021-3129): APP_DEBUG=true + Laravel < 8.4.2 → /_ignition/execute-solution RCE without auth
  • Telescope dashboard: /telescope exposes full request/response logs, DB queries, Redis commands, scheduled jobs, environment variables
  • Horizon dashboard: /horizon exposes queue job details, failed jobs with full payloads (may contain API keys, PII)
  • Signed URL manipulation: if URL::signedRoute validates wrong params → bypass signed URL → unauthorized actions
  • .env exposure: APP_KEY leaked → decrypt all encrypted cookies → forge session → ATO

Phase 1 — Fingerprint Laravel

Installs: 9 | GitHub Stars: 2.6K | First Seen: Jun 5, 2026
hunt-laravel — elementalsouls/claude-bughunter