id: laravel-log-file info: name: Laravel log file publicly accessible author: sheikhrishad & geeknik severity: high description: The log file of this Laravel web app might reveal details on the inner workings of the app, possibly even tokens, credentials or personal information. reference: https://laravel.com/docs/master/logging tags: laravel,log,exposure requests: - method: GET path: - "{{BaseURL}}/storage/logs/laravel.log" matchers-condition: and matchers: - type: word part: body words: - "InvalidArgumentException" - "local.ERROR" - "ErrorException" - "syntax error" condition: or - type: word part: header words: - "text/plain" - "text/x-log" condition: or - type: status status: - 200