Closed CyanM0un closed 2 years ago
Hello CyanM0un,
FYI you can use ./find-gc-compatibility laravel/laravel laravel/RCE12
for PHPGGC to find out which versions of Laravel your payload works on.
It got me the following range: v6.0.0 to v8.6.12. v9.3.10 was marked as NON compatible.
Does it look correct?
If we need to change the gadgetchain to make it work on both versions, just make two different ones.
I tested the payload on three versions: 5.8.35, 7.0.0 and the latest 9.3.10. It may be a little troublesome that we need to modify the "gadgets.php" sometimes. For 5, use the field "rollbarNotifier" of the entry. For 7 or later, use the field "rollbarLogger" of the entry. It also works for the latest version 9.3.10. But by the way, the latest version requires PHP > 8, so ......