Enhancement: exposures/configs/laravel-env.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-19 13:50:08 -04:00
parent 4bb9fcf3bb
commit 486dd39f95
1 changed files with 11 additions and 3 deletions


@ -1,12 +1,18 @@
id: laravel-env
info:
name: Laravel .env file accessible
name: Laravel - Sensitive Information Disclosure
author: pxmme1337,dwisiswant0,geeknik,emenalf,adrianmf
severity: critical
description: Laravel uses the .env file to store sensitive information like database credentials and tokens. It should not be publicly accessible.
severity: high
description: A Laravel .env file was discovered, which stores sensitive information like database credentials and tokens. It should not be publicly accessible.
reference:
- https://laravel.com/docs/master/configuration#environment-configuration
- https://stackoverflow.com/questions/38331397/how-to-protect-env-file-in-laravel
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
tags: config,exposure,laravel
requests:
@ -45,3 +51,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/19
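Review bot: In the added `classification` block, the vector `C:L/I:L/A:L` rates confidentiality impact as Low, which does not match the template's own description: a readable .env file discloses database credentials and tokens, so the direct impact is a high confidentiality loss, and any integrity or availability effect only follows from later use of those secrets. If the score is meant to describe the disclosure itself, `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with `cvss-score: 7.5` would agree with both the description and the new `severity: high`. The bare `cve-id:` parses as null; since this is a misconfiguration finding with no CVE, the key could be dropped. The second hunk shows only the `status: 200` matcher, and the rest of the matcher block lies outside the hunk, so it is worth confirming that a content matcher on typical .env keys still sits alongside it, because a 200 status alone would also match soft-404 pages.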