Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
_ignition/execute-solution
Laravel Ignition
What an attacker could do
Laravel Ignition's debug solution endpoint, when debug mode is on, allows unauthenticated remote code execution via CVE-2021-3129, giving an attacker full control of the application server.
How to defend it
Set APP_DEBUG=false in production, upgrade facade/ignition to a patched version, and block the _ignition route at the web server or WAF.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation