- Creation
- Validation
- Communication & fix
- Disclosure
gs-appt.gov.lb / Exposure of public .env file
Deleted user
reported 2022-01-30
A public accessible .env has been found, potentially leaking personal information : http://185.173.60.26/.env
IP:
185.173.60.26Port:
80Detected protocol:
httpVulnerable URL:
http://185.173.60.26/.envAPP_NAME="Passport Renewal Platform"
APP_ENV=local
APP_KEY=base64:<redacted>
APP_DEBUG=true
APP_URL=http://localhost/public
APP_VERSION=1.0
LOG_CHANNEL=stack
LOG_LEVEL=debug
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=9000
DB_DATABASE=prp
DB_USERNAME=admin
DB_PASSWORD=<redacted>
DB_ENGINE=InnoDB
BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
MEMCACHED_HOST=127.0.0.1
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
GOOGLE_RECAPTCHA_KEY=<redacted>
GOOGLE_RECAPTCHA_SECRET=<redacted>
Found by DotEnvConfigPlugin 2021-12-24
Report created by
deleted-user
2022-01-30
deleted-user
2022-01-30
Report edited by
BloodyShell
2022-02-04
BloodyShell
2022-02-04
Report approved by
BloodyShell
2022-02-04
BloodyShell
2022-02-04
New PDF report generated by system 2022-02-04
Report edited by
BloodyShell
2022-02-04
BloodyShell
2022-02-04
New PDF report generated by system 2022-02-04
Information
Owner
gs-appt.gov.lb
Created
2022-01-30 16:40
Updated
2022-02-04 16:27
Fixed
false
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report