CVE-2021-3129
The target Laravel instance appears to be vulnerable to CVE-2021-3129 due to its outdated version and the option to enable debug mode.
A vulnerability was found in Ignition up to 2.5.1. It has been rated as critical. This issue affects the function file_get_contents/file_put_contents of the component Debug Mode. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2021-3129. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
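Added example, not part of the original notes: a defender-side check that reads a project's composer.lock and .env to report whether the locked Ignition release falls in the affected range quoted above and whether debug mode is switched on. The package name facade/ignition, the function names, the falsy-value list and the sample inputs are assumptions made for this example.

```python
import json
import re

PACKAGE = "facade/ignition"   # Composer package name for Ignition
LAST_AFFECTED = (2, 5, 1)     # from the advisory text: "Ignition up to 2.5.1"
# Assumption: values treated as "off", modelled on Laravel's env() helper.
FALSY = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}

def locked_version(composer_lock_text):
    """Return the locked Ignition version string, or None if absent."""
    lock = json.loads(composer_lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version")
    return None

def is_affected(version):
    """True/False for x.y.z versions, None when it cannot be compared."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return None
    return tuple(map(int, m.groups())) <= LAST_AFFECTED

def debug_enabled(env_text):
    """Conservative: True if any uncommented APP_DEBUG line is not falsy."""
    for line in env_text.splitlines():
        m = re.match(r"\s*APP_DEBUG\s*=\s*['\"]?([^'\"#\s]*)", line)
        if m and m.group(1).lower() not in FALSY:
            return True
    return False

def assess(composer_lock_text, env_text):
    """Combine both checks into one report for a single project."""
    version = locked_version(composer_lock_text)
    affected = is_affected(version)
    debug = debug_enabled(env_text)
    return {"version": version, "affected": affected, "debug": debug,
            "needs_upgrade": bool(affected), "exposed": bool(affected) and debug}

# Constructed sample inputs (not taken from the target in this write-up).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "laravel/framework", "version": "v8.0.0"}],
    "packages-dev": [{"name": "facade/ignition", "version": "2.5.1"}]})
SAMPLE_ENV = "APP_ENV=local\n# APP_DEBUG=false\nAPP_DEBUG=true\n"

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_ENV))
```

An "affected" value of None means the locked version string (for example a branch alias) could not be compared and needs a manual look.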
Exploit
The exploit that was locally found failed due to its inability to locate the laravel.log file.
Eventually, I found an excellent exploit script that automatically finds the path to the laravel.log file and integrates the PHPGGC payload generator.