Symfony Remote Information Disclosure

Symfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.


MD5 | 24ccf4690feb930cce80b458f01201c7

# Exploit Title: Symfony < 2.7.13 - Remote information Disclosure
# Google Dork: N/A
# Date: 6/27/2018
# Exploit Author: Abdeljalil Nouiri (pwny)
# Author Mail : abdel001nouiri[at]gmail[dot]com
# Vendor Homepage: https://www.symfony.com/
# Version: 2.7.13
# Tested on: Win10 x64, Ubuntu

# Exploit :


-STEP 1:

This Vulnerability Will Work if the "app_dev" isn't disabled

url : https://localhost/app_dev.php/

-STEP 2:

the last step of symfony configuration still accessible , this would leak
all information including ( database host/user/password ... etc)

url :https://localhost/app_dev.php/_configurator/final



# POC :

http://prntscr.com/kbuua8

Related Posts