I'm trying to build a vulnerable Laravel webserver to exploit CVE-2018-15133.
To exploit this vulnerability, the webserver needs to print out the APP_KEY in the debug view of Laravel. I've installed Laravel 5.5.40, which is vulnerable, and I was able to turn on the debug mode. My problem is that I cannot show the debug key inside the debug view of Laravel.
If I try to print the $_ENV variable inside the controller, it prints out an empty array, while if I print out env('APP_KEY'), it can reach this value.
My goal is to achieve this debug view.
This picture is taken from this YouTube video.