• Creation
  • Validation
  • Communication & fix
  • Disclosure

Abastra.com / Exposure of public .env file

zythop reported 2021-10-09

A public accessible .env has been found, potentially leaking personal information : https://51.77.151.56/.env

IP:
51.77.151.56
Port:
443
Detected protocol:
https
Vulnerable URL:
https://51.77.151.56/.env
VERSION="v0.1.1"

BASE_URL="https://asserto.abastra.com"
INDEX_PAGE="index.php"

TITLE="Asserto"

DB_HOST="localhost"
DB_USER="asserto"
DB_PASS=<redacted>
DB_NAME="asserto"

SENDGRID_API_KEY=<redacted>
SENDGRID_FROM_EMAIL=<redacted>
SENDGRID_FROM_NAME=<redacted>

DEFAULT_LANGUAGE="polish"
LANG_SHORT="pl_PL"
LANG_SINGLE="pl"
Found by DotEnvConfigPlugin 2021-09-06
Report created by zythop  2021-10-09
Report edited by BloodyShell  2021-10-09
Report approved by BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
system commented 2021-11-03: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-03
Report comment dispatched to zythop by system 2021-11-03
Report comment dispatched to info@abastra.com by system 2021-11-03
Report marked as fixed by BloodyShell  2021-11-03
Report closed by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Report edited by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Information
Owner Abastra.com
Created 2021-10-09 12:28
Updated 2021-11-03 18:49
Fixed true

Contacts
i...@abastra.com

Status
Status closed
Hosting contacted false
CERT contacted false

Download report