[CVE-2017-16894] - Laravel Environment Variables - Read passwords and login credentials

Posted by @elber333 - 10/11/2017 - FireShell Security team
fireshellsecurity.team - MAIL: admin@fireshellsecurity.team
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16894


Environment variables allow developers to keep sensitive credentials out of their source code and to use different configuration values depending on the environment the application runs in. For most developers, the local machine has different database credentials than the production environment. Database credentials are one of the most common differences between production and local environments, but a host of other configuration variables may also differ. On some badly configured sites, these variables can be viewed by accessing the /.env file, e.g. mylaravelapp.dumb/.env

Google Dork:

    ext:env intext:"# APP_ENV" -git


    --smartrahat on stackoverflow--
    Finally I hide .env and disable index view of the folder named local. I create a .htaccess in folder local, and here is the code of .htaccess:

    # Disable index view
    Options -Indexes

    # Hide a specific file
    <Files .env>
        Order allow,deny
        Deny from all
    </Files>
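
To confirm that a deny rule like the one above actually takes effect on a site you operate, the response to a request for /.env can be audited. This is an added example, not part of the original post or the quoted answer; the function names, the list of sensitive key fragments and the sample body are assumptions constructed for illustration.

```python
import re
import sys
import urllib.error
import urllib.request

# KEY=VALUE lines as written in a dotenv file (optional "export " prefix).
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=\s*(.*)$")
# Key-name fragments that usually mark secrets (an assumption; extend as needed).
SENSITIVE = ("KEY", "PASSWORD", "SECRET", "TOKEN")

# Constructed sample body, not taken from any real site.
SAMPLE_BODY = (
    "APP_ENV=local\n"
    "APP_KEY=base64:CONSTRUCTED\n"
    "DB_HOST=127.0.0.1\n"
    "DB_PASSWORD=constructed-example\n"
    "MAIL_PASSWORD=\n"
)


def audit_env_response(status, body):
    """Classify a response to GET /.env as (exposed, sensitive_key_names).

    Only key names are returned; values are never returned or printed.
    """
    if status != 200:
        return False, []  # 403/404: the deny rule (or absence of the file) holds
    pairs = [m.groups() for m in map(ENV_LINE.match, body.splitlines()) if m]
    # An HTML error page served with status 200 has no KEY=VALUE lines.
    if len(pairs) < 2:
        return False, []
    hits = sorted(k for k, v in pairs if v.strip() and any(s in k for s in SENSITIVE))
    return True, hits


def check_site(base_url):
    """Fetch <base_url>/.env from a site you operate and audit the response."""
    url = base_url.rstrip("/") + "/.env"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return audit_env_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return audit_env_response(err.code, "")


if __name__ == "__main__" and len(sys.argv) == 2:
    exposed, names = check_site(sys.argv[1])
    print("EXPOSED:" if exposed else "not served", ", ".join(names))
```

Any key name reported as exposed should be treated as compromised and rotated after the file is blocked.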