
Abastra.com / Exposure of public .env file

Deleted user reported 2021-10-09

A publicly accessible .env file has been found, potentially leaking personal information: https://51.77.151.56/.env

IP: 51.77.151.56
Port: 443
Detected protocol: https
Vulnerable URL: https://51.77.151.56/.env

VERSION="v0.1.1"

BASE_URL="https://asserto.abastra.com"
INDEX_PAGE="index.php"

TITLE="Asserto"

DB_HOST="localhost"
DB_USER="asserto"
DB_PASS=<redacted>
DB_NAME="asserto"

SENDGRID_API_KEY=<redacted>
SENDGRID_FROM_EMAIL=<redacted>
SENDGRID_FROM_NAME=<redacted>

DEFAULT_LANGUAGE="polish"
LANG_SHORT="pl_PL"
LANG_SINGLE="pl"
Found by DotEnvConfigPlugin 2021-09-06
Report created by deleted-user  2021-10-09
Report edited by BloodyShell  2021-10-09
Report approved by BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
system commented 2021-11-03: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-03
Report comment dispatched to zythop by system 2021-11-03
Report comment dispatched to info@abastra.com by system 2021-11-03
Report marked as fixed by BloodyShell  2021-11-03
Report closed by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Report edited by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03

Information
Owner: Abastra.com
Created: 2021-10-09 12:28
Updated: 2021-11-03 18:49
Fixed: true

Contacts
i...@abastra.com

Status
Status: closed
Hosting contacted: false
CERT contacted: false
