Laravel - Sensitive Information Disclosure

By kannthu

Severity: High
Vidoc Module
#config #exposure #laravel
Description

What is "Laravel - Sensitive Information Disclosure"?

The "Laravel - Sensitive Information Disclosure" module is designed to detect the presence of a Laravel .env file that may contain sensitive information such as database credentials and tokens. This module targets Laravel applications and helps identify potential misconfigurations that could lead to information exposure.

This module has a severity level of high, indicating the potential impact of the disclosed sensitive information if left unprotected.

Original authors: pxmme1337, dwisiswant0, geeknik, emenalf, adrianmf

Impact

If the Laravel .env file is publicly accessible, it can expose sensitive information to unauthorized individuals. This includes database credentials, API keys, and other sensitive configuration details. Attackers can exploit this information to gain unauthorized access, manipulate data, or launch further attacks on the application.

How does the module work?

The "Laravel - Sensitive Information Disclosure" module works by sending HTTP requests to specific paths commonly used for storing Laravel .env files. It then applies matching conditions to determine if the file is accessible and contains sensitive information.

Example HTTP request:

GET /.env

The module uses two matching conditions:

- Matcher 1: Checks the response body for specific patterns that indicate the presence of sensitive information, such as database credentials and application configuration details.
- Matcher 2: Verifies that the HTTP response status is 200, indicating a successful request.

If both matching conditions are met, the module reports a vulnerability, indicating that the Laravel .env file is accessible and contains sensitive information.
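
The two matchers described above, applied offline to already-captured responses from your own application, as an added example (not Vidoc's module code). The pattern uses only the alternatives visible in the truncated preview on this page plus a trailing "=", which is an assumption; the function name `evaluate` and the sample responses are constructed for illustration.

```python
import re

# Assumption: built only from the alternatives visible in the truncated
# preview on this page, plus "=" to require an assignment.
# It is not the module's full pattern.
APP_KEY_RE = re.compile(r"(?mi)^APP_(NAME|ENV|KEY|DEBUG|URL)=")
# Any dotenv-style assignment; used only to list variable names.
ASSIGN_RE = re.compile(r"(?m)^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def evaluate(status, body):
    """Return a finding dict if both matchers hold, else None."""
    if status != 200:                # Matcher 2: status must be 200
        return None
    if not APP_KEY_RE.search(body):  # Matcher 1: body pattern at line start
        return None
    # Record variable names and whether a value is set, never the values,
    # so the report does not become a second copy of the secrets.
    pairs = ASSIGN_RE.findall(body)
    return {
        "names": [name for name, _ in pairs],
        "with_value": [name for name, value in pairs if value.strip()],
    }


# Constructed sample responses (status, body); no real data.
SAMPLES = {
    "exposed": (200, "APP_NAME=Shop\nAPP_ENV=production\n"
                     "APP_KEY=base64:CONSTRUCTED\n"
                     "DB_PASSWORD=constructed-value\nMAIL_HOST=\n"),
    # A 200 error page that mentions a key name mid-line must not match.
    "soft_404": (200, "<html><body>Not found: APP_ENV=? is not a route"
                      "</body></html>"),
    # Body would match, but the server refused the request.
    "blocked": (403, "APP_KEY=base64:CONSTRUCTED\n"),
}

if __name__ == "__main__":
    for label, (status, body) in SAMPLES.items():
        print(label, evaluate(status, body))
```

Every name listed under `with_value` in a finding is a credential or setting to treat as disclosed and rotate once the file is no longer served.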

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.env, /.env.bak, /.env.dev (+19 paths)
Matching conditions
regex: (?mi)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWO...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability