CVE-2024-52301

This repository provides a detailed writeup and proof-of-concept for CVE-2024-52301, which exploits Laravel's environment detection mechanism by manipulating $_SERVER['argv'] via URL parameters when register_argc_argv is enabled in PHP. The vulnerability allows an attacker to override the application environment, affecting Blade directives and other environment-dependent logic.

This PoC demonstrates CVE-2024-52301, a vulnerability in Laravel where GET parameters can manipulate application configuration due to improper handling of `--env` arguments. The exploit leverages `register_argc_argv` being enabled to treat query parameters as command-line arguments.

This script automates the detection of CVE-2024-52301, a Laravel environment manipulation vulnerability, by enumerating subdomains and testing them with crafted query strings. It checks for indicators of vulnerability in HTTP responses but does not include an exploit payload.

This repository contains a scanner script that checks for Laravel Arbitrary Argument Injection vulnerability (CVE-2024-52301) by enumerating subdomains and testing specific payloads. It does not include a functional exploit but detects potential vulnerabilities.