THREAT OPS › Threat News › Livewire: remote command execution through unmarshaling
Livewire: remote command execution through unmarshaling
Livewire revolutionizes Laravel development by enabling real-time, interactive web interfaces using only PHP and Blade, removing the need of heavy JavaScript frameworks. Its innovative hydration system seamlessly instantiate and restores component states, supporting complex data types.
However, this mechanism comes with a critical vulnerability: a dangerous unmarshalling process can be exploited
MITRE ATT&CK techniques
- JavaScriptT1059.007