- Creation
- Validation
- Communication & fix
- Disclosure
azs-formations.fr / Exposure of public .env file
Deleted user
reported 2021-10-09
A public accessible .env was found, potentially leaking personal information :
https://www.azs-formations.fr/.env
Please ensure credentials present in that file were reset.
IP:
91.121.169.41Port:
443Detected protocol:
httpsVulnerable URL:
https://www.azs-formations.fr/.envAPP_NAME=AZS-FORMATIONS
APP_ENV=local
APP_KEY=base64:<redacted>
APP_DEBUG=true
APP_URL=https://jobzzer.fr
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=c0formations
DB_USERNAME=c0formations
DB_PASSWORD=<redacted>
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_PORT=465
MAIL_ENCRYPTION=ssl
MAIL_HOST=smtp.googlemail.com
MAIL_USERNAME=support@jobzzer.fr
MAIL_PASSWORD=<redacted>
MAIL_FROM_NAME=AZS-FORMATIONS
MAIL_FROM_ADDRESS=no-replay@jobzzer.fr
PAYPAL_CLIENT_ID=<redacted>
PAYPAL_SECRET=<redacted>
PAYPAL_MODE=live
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
NOCAPTCHA_SECRET=<redacted>
NOCAPTCHA_SITEKEY=<redacted>
Found by DotEnvConfigPlugin 2021-08-19
Report created by
deleted-user
2021-10-09
deleted-user
2021-10-09
Report edited by
BloodyShell
2021-10-09
BloodyShell
2021-10-09
Report approved by
BloodyShell
2021-10-09
BloodyShell
2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report marked as fixed by
BloodyShell
2021-10-11
BloodyShell
2021-10-11
Report closed by
BloodyShell
2021-10-11
BloodyShell
2021-10-11
New PDF report generated by system 2021-10-11
Report edited by
deleted-user
2021-10-12
deleted-user
2021-10-12
New PDF report generated by system 2021-10-12
Information
Owner
azs-formations.fr
Created
2021-10-09 09:47
Updated
2021-10-12 20:30
Fixed
true
Contacts
C...@azs-formations.fr
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report