Notdavis's avatar

__CONSTRUCT passed as Method in $request->method(); ?

I have middleware which logs data for me. In the kernel.php it's the last index of the protected $middleware array.

It's been running now for a year+, without issue, however recently it has thrown an error which leads back to $request->method(); returning the string __CONSTRUCT

IP logged is our own IP as well.

I'm going to review any changes we made, to see if I can track what's causing this, but anyone familiar with middleware knowing what and when might cause this?

I have created another controller which I am using and calling methods off it within itself, I don't recall doing anything with the constructor of that class but again, will go through my changes.

Thanks in advance

laravel 5.7 php 7.1.17

0 likes
8 replies
bobbybouwmann's avatar

Mmh, I've never seen it before. Do you have a more explicit debug trace and maybe even the code from the middleware and controller? Gives a lot more context ;)

Notdavis's avatar

PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'method' at row 1
#33 vendor/laravel/framework/src/Illuminate/Database/Connection.php(458): execute
#32 vendor/laravel/framework/src/Illuminate/Database/Connection.php(458): Illuminate\Database{closure}
#31 vendor/laravel/framework/src/Illuminate/Database/Connection.php(657): runQueryCallback
#30 vendor/laravel/framework/src/Illuminate/Database/Connection.php(624): run
#29 vendor/laravel/framework/src/Illuminate/Database/Connection.php(459): statement
#28 vendor/laravel/framework/src/Illuminate/Database/Connection.php(411): insert
#27 vendor/laravel/framework/src/Illuminate/Database/Query/Processors/Processor.php(32): processInsertGetId
#26 vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2202): insertGetId
#25 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1285): __call
#24 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(726): insertAndSetId
#23 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(691): performInsert
#22 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(554): save
#21 app/Http/Middleware/LogHttp.php(38): handle
#20 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#19 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#18 vendor/fideloper/proxy/src/TrustProxies.php(57): handle
#17 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#16 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#15 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): handle
#14 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#13 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#12 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): handle
#11 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#10 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#9 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): handle
#8 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#7 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#6 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): handle
#5 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#4 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#3 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): then
#2 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): sendRequestThroughRouter
#1 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): handle
#0 public/index.php(55): null

Illuminate\Database\QueryException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'method' at row 1 (SQL: insert into http_logs (ipv4, method, path, query, ajax, datetime) values (120.79.73.22, __CONSTRUCT, /, , 0, 2019-02-10 19:07:51))
#31 vendor/laravel/framework/src/Illuminate/Database/Connection.php(664): runQueryCallback
#30 vendor/laravel/framework/src/Illuminate/Database/Connection.php(624): run
#29 vendor/laravel/framework/src/Illuminate/Database/Connection.php(459): statement
#28 vendor/laravel/framework/src/Illuminate/Database/Connection.php(411): insert
#27 vendor/laravel/framework/src/Illuminate/Database/Query/Processors/Processor.php(32): processInsertGetId
#26 vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2202): insertGetId
#25 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1285): __call
#24 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(726): insertAndSetId
#23 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(691): performInsert
#22 vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(554): save
#21 app/Http/Middleware/LogHttp.php(38): handle
#20 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#19 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#18 vendor/fideloper/proxy/src/TrustProxies.php(57): handle
#17 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#16 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#15 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): handle
#14 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#13 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#12 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): handle
#11 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#10 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#9 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): handle
#8 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#7 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#6 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): handle
#5 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Pipeline{closure}
#4 vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Routing{closure}
#3 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): then
#2 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): sendRequestThroughRouter
#1 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): handle
#0 public/index.php(55): null

Notdavis's avatar

Details for 120.79.73.22
IP: 120.79.73.22
Decimal: 2018461974
Hostname: 120.79.73.22
ASN: 37963
ISP: Aliyun Computing Co.
Organization: Hangzhou Alibaba Advertising Co.,Ltd.
Services: None detected
Type: Broadband
Assignment: Static IP
Blacklist:
Continent: Asia
Country: China
Latitude: 34.7725 (34° 46′ 21.00″ N)
Longitude: 113.7266 (113° 43′ 35.76″ E)

Snapey's avatar

Could it be someone literally posting __CONSTRUCT as the http verb because there is an issue on some other platform and they are probing for that issue?

Notdavis's avatar

Snapey, that is very very possible, I log a lot of attempts to reach wp-logins and PhpMyAdmins.

I want to be thorough to ensure Laravel isn't vulnerable / I missed something about middleware

Snapey's avatar
Best Answer

@bobbybouwmann

That's not the issue. That is the fault that was thrown, but the OP is expecting only regular HTTP verbs to be stored, such as 'POST', 'GET', 'PATCH' etc. So, yes, the column width is too small for __CONSTRUCT. The OP wonders if something is wrong with his code to cause $request->method to return that value.

We both suspect a malicious request hitting the server with an invalid verb, such as happens with an Object Injection attack.

1 like
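
An added example, not code from this thread or from Laravel: one way a logging middleware like the `LogHttp` in the trace can store only expected verbs, so an unexpected value from `$request->method()` is recorded as a short marker instead of overflowing the `method` column. The `App\HttpLog` model, the `normaliseMethod` helper, the `OTHER` marker and the 255-character limits are assumptions; the column names come from the INSERT in the trace.

```php
<?php

namespace App\Http\Middleware;

use App\HttpLog; // hypothetical Eloquent model for the http_logs table
use Closure;
use Illuminate\Http\Request;

class LogHttp
{
    // Verbs the application expects; anything else is stored as a fixed marker.
    const KNOWN_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'];

    public function handle(Request $request, Closure $next)
    {
        try {
            $log = new HttpLog();
            $log->ipv4 = $request->ip();
            // On a POST, method() honours the _method field and the
            // X-HTTP-Method-Override header, so it can carry client-chosen text.
            $log->method = $this->normaliseMethod($request->method());
            $log->path = substr($request->path(), 0, 255);       // assumed column width
            $log->query = substr((string) $request->getQueryString(), 0, 255);
            $log->ajax = $request->ajax();
            $log->datetime = now();
            $log->save();
        } catch (\Exception $e) {
            // A logging failure is reported but never turns the request into a 500.
            report($e);
        }

        return $next($request);
    }

    // Returns the verb if it is on the allowlist, otherwise the short
    // marker 'OTHER', so the stored value always fits a narrow column.
    private function normaliseMethod($method)
    {
        $method = strtoupper((string) $method);

        return in_array($method, self::KNOWN_METHODS, true) ? $method : 'OTHER';
    }
}
```

`$request->getRealMethod()` returns the verb actually sent on the request line; logging it beside the normalised value shows whether an odd method came from an override field.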
