nuclei-templates/exposures/configs/laravel-env.yaml

31 lines
933 B
YAML
Raw Normal View History

2020-05-24 02:44:48 +00:00
id: laravel-env
2020-05-23 18:09:25 +00:00
info:
name: Laravel .env file accessible
author: pxmme1337 & dwisiswant0 & geeknik & emenalf
severity: critical
description: Laravel uses the .env file to store sensitive information like database credentials and tokens. It should not be publicly accessible.
reference: https://laravel.com/docs/master/configuration#environment-configuration
2021-04-06 06:46:11 +00:00
tags: config,exposure
2020-05-23 18:09:25 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/.env"
- "{{BaseURL}}/.env.dev.local"
- "{{BaseURL}}/.env.development.local"
- "{{BaseURL}}/.env.prod.local"
- "{{BaseURL}}/.env.production.local"
2021-02-08 12:48:52 +00:00
- "{{BaseURL}}/.env.local"
- "{{BaseURL}}/.env.example"
- "{{BaseURL}}/.env.stage"
- "{{BaseURL}}/.env.live"
2020-05-24 02:44:48 +00:00
matchers-condition: and
2020-05-23 18:09:25 +00:00
matchers:
- type: regex
regex:
- "(?m)^APP_(NAME|ENV|KEY|DEBUG|URL)="
2020-05-24 02:44:48 +00:00
- type: status
status:
- 200