Laravel framework: website vulnerability testing and repair

Posted by barello at 2020-04-07

Website security information 2019-11-17 09:26:59

Laravel is a development framework currently used by many website and app operators. Because so many websites run it, attackers constantly probe those sites for vulnerabilities. While testing the system for vulnerabilities, we found an RCE vulnerability. It is mainly an XSRF vulnerability. This post records three aspects in full: a detailed analysis of the vulnerability, how it is exploited, and how to repair it.

The value in question is the X-XSRF-TOKEN: header. The Laravel framework checks and verifies this value when a request is submitted. If decryption succeeds, the value is then deserialized. We will not walk through every step one by one here.

So how is the Laravel vulnerability fixed? We upgraded Laravel and found that the latest version, 5.6.30, has fixed the RCE vulnerability. The code comparison shows that the decryption and parsing of cookies is now checked, with an additional static::serialized() value, and that this value has also been added to the handling of X-XSRF-TOKEN. If you are not very familiar with the code, you can ask a professional website security company to fix it.

That is the background to this vulnerability detection and testing of Laravel. I hope that sharing it helps more people understand website vulnerabilities, their causes, and how to fix them. Only when the website is secure can we freely explore the market and do marketing well.
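The flow described above (decrypt the header value, then deserialize it) and the effect of gating the deserialization step, as an added PHP 8 example that is not from the original post or from Laravel's source. sealValue(), openValue(), Probe, the payload layout and the key are constructed for illustration, and treating the static::serialized() value as a boolean switch is an assumption.

```php
<?php
// Simplified model for illustration; not Laravel's code. All names are hypothetical.
final class Probe
{
    public static bool $woke = false;
    // Runs as a side effect of unserialize(), standing in for any magic method.
    public function __wakeup(): void { self::$woke = true; }
}

function sealValue(string $plain, string $key): string
{
    $iv = base64_encode(random_bytes(16));
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $key, 0, base64_decode($iv));
    $mac = hash_hmac('sha256', $iv . $ct, $key);
    return base64_encode(json_encode(['iv' => $iv, 'value' => $ct, 'mac' => $mac]));
}

function openValue(string $payload, string $key, bool $unserialize): mixed
{
    $p = json_decode((string) base64_decode($payload, true), true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_array($p) || !is_string($p[$field] ?? null)) {
            throw new RuntimeException('malformed payload');
        }
    }
    // Authenticate before decrypting; hash_equals() is a constant-time compare.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        throw new RuntimeException('invalid MAC');
    }
    $plain = openssl_decrypt($p['value'], 'aes-256-cbc', $key, 0, base64_decode($p['iv']));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    // The gate: with $unserialize false the plaintext is never passed to unserialize().
    return $unserialize ? unserialize($plain) : $plain;
}

$key = random_bytes(32);                           // constructed demo key
$header = sealValue(serialize(new Probe()), $key); // constructed header value

$before = openValue($header, $key, true);  // ungated: an object is rebuilt, __wakeup() runs
var_dump($before instanceof Probe, Probe::$woke);

Probe::$woke = false;
$after = openValue($header, $key, false);  // gated: the value stays an inert string
var_dump(is_string($after), Probe::$woke);
```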