daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1263 from dietervds/edit-some-laravel-templates 

Edits to two Laravel related templates
patch-1
PD-Team 2021-04-11 20:55:50 +05:30 committed by GitHub
parent b0d7059c02 cb58bffb82
commit 82437a9830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
exposures/configs/laravel-env.yaml
View File

@ -1,9 +1,11 @@
id: laravel-env
info:
name: Laravel .env file
name: Laravel .env file accessible
author: pxmme1337 & dwisiswant0 & geeknik & emenalf
severity: medium
severity: critical
description: Laravel uses the .env file to store sensitive information like database credentials and tokens. It should not be publicly accessible.
reference: https://laravel.com/docs/master/configuration#environment-configuration
tags: config,exposure
requests:

4
exposures/logs/laravel-log-file.yaml
View File

@ -3,7 +3,9 @@ id: laravel-log-file
info:
name: Laravel log file publicly accessible
author: sheikhrishad & geeknik
severity: low
severity: high
description: The log file of this Laravel web app might reveal details on the inner workings of the app, possibly even tokens, credentials or personal information.
reference: https://laravel.com/docs/master/logging
tags: laravel,log,exposure
requests: