• Creation
  • Validation
  • Communication & fix
  • Disclosure

Noonoo TV / Exposure of public .env file

Deleted user reported 2021-11-07

A public accessible .env has been found, potentially leaking personal information : https://69.46.15.218/.env

IP:
69.46.15.218
Port:
443
Detected protocol:
https
Vulnerable URL:
https://69.46.15.218/.env
APP_NAME=Laravel
APP_ENV=production
APP_KEY=base64:<redacted>
APP_DEBUG=false
APP_URL=https://cdn2.studiouniversal.net
APP_TIMEZONE=Asia/Seoul

LOG_CHANNEL=stack
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=api
DB_USERNAME=api
DB_PASSWORD="<redacted>"

BROADCAST_DRIVER=pusher
CACHE_DRIVER=redis
FILESYSTEM_DRIVER=local
QUEUE_CONNECTION=redis
SESSION_DRIVER=redis
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=<redacted>
PUSHER_APP_KEY=<redacted>
PUSHER_APP_SECRET=<redacted>
PUSHER_APP_CLUSTER=<redacted>

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

TRANSMISSION_PATH=<redacted>/downloads
WOWZA_CONTENT_PATH=<redacted>
WOWZA_HLS_SECRET_KEY=<redacted>
Found by DotEnvConfigPlugin 2021-11-07
Report created by deleted-user  2021-11-07
Report edited by BloodyShell  2021-11-07
Report approved by BloodyShell  2021-11-07
New PDF report generated by system 2021-11-07
Report dispatched to ...@... by system 2021-11-07
system commented 2021-11-08: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-08
Report comment dispatched to zythop by system 2021-11-08
Report comment dispatched to noonoo_cs@pm.me by system 2021-11-08
Report marked as fixed by BloodyShell  2021-11-08
Report edited by BloodyShell  2021-11-08
New PDF report generated by system 2021-11-08
Report closed by BloodyShell  2021-11-08
New PDF report generated by system 2021-11-08
Information
Owner Noonoo TV
Created 2021-11-07 12:09
Updated 2021-11-08 13:41
Fixed true

Contacts
n...@pm.me

Status
Status closed
Hosting contacted false
CERT contacted false

Download report