• Creation
  • Validation
  • Communication & fix
  • Disclosure

azs-formations.fr / Exposure of public .env file

reported 2021-10-09

A public accessible .env was found, potentially leaking personal information :

https://www.azs-formations.fr/.env

Please ensure credentials present in that file were reset.

IP:
91.121.169.41
Port:
443
Detected protocol:
https
APP_NAME=AZS-FORMATIONS
APP_ENV=local
APP_KEY=base64:<redacted>
APP_DEBUG=true
APP_URL=https://jobzzer.fr

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=c0formations
DB_USERNAME=c0formations
DB_PASSWORD=<redacted>

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_PORT=465
MAIL_ENCRYPTION=ssl
MAIL_HOST=smtp.googlemail.com
MAIL_USERNAME=support@jobzzer.fr
MAIL_PASSWORD=<redacted>
MAIL_FROM_NAME=AZS-FORMATIONS
MAIL_FROM_ADDRESS=no-replay@jobzzer.fr




PAYPAL_CLIENT_ID=<redacted>
PAYPAL_SECRET=<redacted>
PAYPAL_MODE=live

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

NOCAPTCHA_SECRET=<redacted>
NOCAPTCHA_SITEKEY=<redacted>
Found by DotEnvConfigPlugin 2021-08-19
Report created by    zythop  2021-10-09
Report edited by    BloodyShell  2021-10-09
Report approved by    BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report marked as fixed by    BloodyShell  2021-10-11
Report closed by    BloodyShell  2021-10-11
New PDF report generated by system 2021-10-11
Report edited by    zythop  2021-10-12
New PDF report generated by system 2021-10-12
Information
Owner azs-formations.fr
Created 2021-10-09 09:47
Updated 2021-10-12 20:30
Fixed true

Contacts
C...@azs-formations.fr

Status
Status closed
Hosting contacted false
CERT contacted false

Download report