### [CVE-2021-3129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

### POC

#### Reference
- http://packetstormsecurity.com/files/162094/Ignition-2.5.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165999/Ignition-Remote-Code-Execution.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0nion1/CVE-2021-3129
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xaniketB/HackTheBox-Horizontall
- https://github.com/0xsyr0/OSCP
- https://github.com/1111one/laravel-CVE-2021-3129-EXP
- https://github.com/20142995/Goby
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/Axianke/CVE-2021-3129
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Dheia/sc-main
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Erikten/CVE-2021-3129
- https://github.com/FunPhishing/Laravel-8.4.2-rce-CVE-2021-3129
- https://github.com/GhostTroops/TOP
- https://github.com/H0j3n/EzpzCheatSheet
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/JacobEbben/CVE-2021-3129
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Ly0nt4r/OSCP
- https://github.com/M00nBack/vulnerability
- https://github.com/MadExploits/Laravel-debug-Checker
- https://github.com/Maskhe/evil_ftp
- https://github.com/MiracleAnameke/Cybersecurity-Vulnerability-and-Exposure-Report
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SNCKER/CVE-2021-3129
- https://github.com/SYRTI/POC_to_review
- https://github.com/SecPros-Team/laravel-CVE-2021-3129-EXP
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/W-zrd/UniXploit
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XuCcc/VulEnv
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/Zoo1sondv/CVE-2021-3129
- https://github.com/ajisai-babu/CVE-2021-3129-exp
- https://github.com/alsigit/nobi-sectest
- https://github.com/ambionics/laravel-exploits
- https://github.com/aurelien-vilminot/ENSIMAG_EXPLOIT_CVE2_3A
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/banyaksepuh/Mass-CVE-2021-3129-Scanner
- https://github.com/bfengj/CTF
- https://github.com/carlosevieira/larasploit
- https://github.com/casagency/metasploit-CVE
- https://github.com/crisprss/Laravel_CVE-2021-3129_EXP
- https://github.com/crowsec-edtech/larasploit
- https://github.com/cuongtop4598/CVE-2021-3129-Script
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/daltonmeridio/WriteUpHorizontall
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/flxnzz/UniXploit
- https://github.com/hktalent/TOP
- https://github.com/hupe1980/CVE-2021-3129
- https://github.com/iBotPeaches/ctf-2021
- https://github.com/idea-oss/laravel-CVE-2021-3129-EXP
- https://github.com/iskww/larasploit
- https://github.com/jbmihoub/all-poc
- https://github.com/joshuavanderpoll/CVE-2021-3129
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/karimmuya/laravel-exploit-tricks
- https://github.com/keyuan15/CVE-2021-3129
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/knqyf263/CVE-2021-3129
- https://github.com/lanmarc77/CVE-2021-33831
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/miko550/CVE-2021-3129
- https://github.com/mstxq17/SecurityArticleLogger
- https://github.com/n3masyst/n3masyst
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nth347/CVE-2021-3129_exploit
- https://github.com/oscpname/OSCP_cheat
- https://github.com/oxMdee/Cybersecurity-Vulnerability-and-Exposure-Report
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/qingchenhh/Tools-collection
- https://github.com/r3volved/CVEAggregate
- https://github.com/ramimac/aws-customer-security-incidents
- https://github.com/randolphcyg/nuclei-plus
- https://github.com/revanmalang/OSCP
- https://github.com/shadowabi/Laravel-CVE-2021-3129
- https://github.com/simonlee-hello/CVE-2021-3129
- https://github.com/soosmile/POC
- https://github.com/trganda/starrlist
- https://github.com/trhacknon/Pocingit
- https://github.com/txuswashere/OSCP
- https://github.com/tzwlhack/Vulnerability
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/withmasday/CVE-2021-3129
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
- https://github.com/zhzyker/CVE-2021-3129
- https://github.com/zhzyker/vulmap