nuclei-templates/exposures/configs/laravel-env.yaml

31 lines
933 B
YAML

id: laravel-env
info:
name: Laravel .env file accessible
author: pxmme1337 & dwisiswant0 & geeknik & emenalf
severity: critical
description: Laravel uses the .env file to store sensitive information like database credentials and tokens. It should not be publicly accessible.
reference: https://laravel.com/docs/master/configuration#environment-configuration
tags: config,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/.env"
- "{{BaseURL}}/.env.dev.local"
- "{{BaseURL}}/.env.development.local"
- "{{BaseURL}}/.env.prod.local"
- "{{BaseURL}}/.env.production.local"
- "{{BaseURL}}/.env.local"
- "{{BaseURL}}/.env.example"
- "{{BaseURL}}/.env.stage"
- "{{BaseURL}}/.env.live"
matchers-condition: and
matchers:
- type: regex
regex:
- "(?m)^APP_(NAME|ENV|KEY|DEBUG|URL)="
- type: status
status:
- 200