Published on September 2nd, 2020 📆 | 1678 Views ⚑0
Bagisto Credential Disclosure ≈ Packet Storm
- Bagisto Credential Disclosure
- Posted Sep 1, 2020
- Authored by devsecweb
As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.
- MD5 |
Bagisto is an open source shop system based on PHP and Laravel framework
Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database and e-mail server credentials.
There have been observed installations in the wild exposing the .env file like https://klingbakeshop.com/public/ (https://klingbakeshop.com/public/)
The "public" directory must be configured as document root of the web server
Sent with PrivateMail