• Creation
  • Validation
  • Communication & fix
  • Disclosure

rdvartisans.fr / Exposure of public .env file

reported 2021-10-09

A public accessible .env has been found, potentially leaking personal information : https://rdvartisans.fr/.env

IP:
51.255.70.112
Port:
443
Detected protocol:
https
Vulnerable URL:
https://rdvartisans.fr/.env
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:<redacted>
APP_DEBUG=true
APP_URL=http://rdvartisans.fr

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=rdvartisans
DB_USERNAME=admin
DB_PASSWORD=<redacted>

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=ssl0.ovh.net
MAIL_PORT=465
MAIL_USERNAME=contact@rdvartisans.fr
MAIL_PASSWORD=<redacted>
MAIL_ENCRYPTION=ssl

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

CAPTCHA_KEY = <redacted>
CAPTCHA_SECRET = <redacted>

MAIL_TEST_CONTACT=contact@rdvartisans.fr
MAIL_TEST_ESTIM=contact@rdvartisans.fr
Found by DotEnvConfigPlugin 2021-07-29
Report created by    zythop  2021-10-09
Report approved by    BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report marked as fixed by    BloodyShell  2021-10-11
Report closed by    BloodyShell  2021-10-11
New PDF report generated by system 2021-10-11
Report edited by    zythop  2021-10-12
New PDF report generated by system 2021-10-12
Information
Owner rdvartisans.fr
Created 2021-10-09 10:25
Updated 2021-10-12 20:29
Fixed true

Contacts
c...@rdvartisans.fr
c...@onleadyou.com

Status
Status closed
Hosting contacted false
CERT contacted false

Download report