Do you think laravel website can be hacked?

Before I start writing, I would like to share this Reddit comment with you :

So, we’ll talk about a popular framework that I think most developers have heard of: Laravel.

As we know, the creators of these frameworks wanted to make things more secure than before.

A few days ago a client asked me to maintain his web application and also to build a new module for him. He was using Laravel. While I was trying to fix some issues, I checked the .env file to see whether the password of the MySQL server was correct, because I was having some problems with the migration 😠 . By mistake I visited this link :

Oops !! I could see the content of the environment file 😆

I know, I know … some people make mistakes and forget to read the framework’s documentation carefully ..

I think it’s clear, no?

Anyway, this is not the point. We have a huge problem with the rest of the world: I did some research and found that many websites are vulnerable to this type of attack.

75,000 results. It’s too much, no? (Dork: hidden, to avoid any type of attack from untrusted readers.)

So I wanted to go further and coded a Google scraper in Python ❤, and my predictions were totally right: we have too much blood on the street 👌

The problem is, there are some big websites among them. They are using phpMyAdmin, or they even allow remote access to their databases through port 3306.

This is the structure of the .env file :

We’ve got some serious information there, guys. So now we’ll talk about hiding this gun 😆 .

This is a simple solution: just create a .htaccess file in the served directory and put this code inside:

# Disable directory listing
Options -Indexes

# Block direct requests for the environment file.
# (Safety net only: in a standard Laravel deployment the web root is public/
# and .env sits one level above it, so it should never be reachable at all.)
<Files .env>
  <IfModule mod_authz_core.c>
    # Apache 2.4 syntax
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2 syntax
    Order allow,deny
    Deny from all
  </IfModule>
</Files>

And we’re done.

Don’t ask for the Python tool ;) . Just for the curious: when you try to read the HTTP response to check whether the .env file exists, getcode() returns 403 (Forbidden) with a plain request,

from urllib.request import Request

req = Request(url)

so add the header headers={'User-Agent': 'Mozilla/5.0'} :

req = Request(url, headers={'User-Agent': 'Mozilla/5.0'})
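Instead of probing the site from outside, the fix can also be verified from the server side: once the .htaccess rule is in place, every request for .env in the Apache access log should be answered with 403, and any 200 means the file was actually served. The following script is an added example, not part of the original post; it parses constructed Apache combined-format log lines (the IPs, timestamps and user agents are made up) and reports which .env requests leaked, how many were blocked, and which source addresses were probing.

```python
import re
from collections import Counter

# Constructed Apache "combined" log lines (sample data, not from the post).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2024:10:01:03 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:11:22:33 +0000] "GET /.env HTTP/1.1" 403 199 "-" "Python-urllib/3.9"
198.51.100.7 - - [10/Mar/2024:11:22:34 +0000] "GET /.env.bak HTTP/1.1" 404 196 "-" "Python-urllib/3.9"
192.0.2.55 - - [10/Mar/2024:12:00:00 +0000] "GET /storage/.env HTTP/1.1" 403 199 "-" "curl/7.88"
"""

# One combined-format entry: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Matches /.env, /.env.bak and /sub/.env, but not /.envelope
ENV_PATH_RE = re.compile(r'(^|/)\.env(?![\w-])')


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def audit_env_requests(log_text):
    """Return (leaks, blocked, probing) for requests aimed at .env files.

    leaks:   entries answered with 200, i.e. the file was actually served
    blocked: number of .env requests answered with 403 or 404 (the rule works)
    probing: Counter of source IPs that asked for an .env path at least once
    """
    leaks, blocked, probing = [], 0, Counter()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if not entry or not ENV_PATH_RE.search(entry["path"]):
            continue
        probing[entry["ip"]] += 1
        if entry["status"] == "200":
            leaks.append(entry)
        elif entry["status"] in ("403", "404"):
            blocked += 1
    return leaks, blocked, probing
```

On the sample above the audit reports one leak (the 200 before the rule was applied), three blocked requests and three probing sources; run it over a real access log by passing the file contents to audit_env_requests.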

Check my gigs on Fiverr : (I provide a full scan for your website)

https://www.fiverr.com/sifatkazi
