- Creation
- Validation
- Communication & fix
- Disclosure
arpce / Exposure of public .env file
Deleted user
reported 2021-10-09
A public accessible .env has been found, leaking credentials and personal information :
https://151.80.240.56/.env
Any credentials present in this file should also so be reset.
IP:
151.80.240.56Port:
443Detected protocol:
httpsVulnerable URL:
https://151.80.240.56/.envAPP_NAME=ARPCE
APP_ENV=local
APP_KEY=base64:<redacted>
APP_DEBUG=false
APP_LOG_LEVEL=debug
APP_URL=http://www.arpce.cg/
ADMIN_MAIL=<redacted>@expertel-communication.com
DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=arpce_prod
DB_USERNAME=arpce_prod
DB_PASSWORD=<redacted>
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=smtp.expertel-communication.com
MAIL_PORT=587
MAIL_USERNAME=<redacted>@expertel-communication.com
MAIL_PASSWORD=<redacted>
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
Found by DotEnvConfigPlugin 2021-07-26
Report created by
deleted-user
2021-10-09
deleted-user
2021-10-09
Report edited by
deleted-user
2021-10-09
deleted-user
2021-10-09
Report edited by
BloodyShell
2021-10-09
BloodyShell
2021-10-09
Report approved by
BloodyShell
2021-10-09
BloodyShell
2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report marked as fixed by
BloodyShell
2021-10-10
BloodyShell
2021-10-10
Report closed by
BloodyShell
2021-10-10
BloodyShell
2021-10-10
New PDF report generated by system 2021-10-10
Report edited by
deleted-user
2021-10-10
deleted-user
2021-10-10
New PDF report generated by system 2021-10-10
Information
Owner
arpce
Created
2021-10-09 11:09
Updated
2021-10-10 13:51
Fixed
true
Contacts
a...@arpce.cg
c...@arpce.cg
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report