Bagisto Credential Disclosure

Bagisto Credential Disclosure: Posted Sep 1, 2020; Authored by devsecweb; As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.; tags | exploit, root, info disclosure; SHA-256 | 74b9f3889f450e046f3f29aa9d6575b5877a84afc22c532d82f65985d7a9c34c; Download | Favorite | View

Bagisto Credential Disclosure

Vendor:
Bagisto (https://bagisto.com/)
Affected version:
All
Introduction:
  Bagisto is an open source shop system based on PHP and Laravel framework
  Vulnerability description:
Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database and e-mail server credentials.

Proof:
There have been observed installations in the wild exposing the .env file like https://klingbakeshop.com/public/ (https://klingbakeshop.com/public/)

Solution:
The "public" directory must be configured as document root of the web server
Sent with PrivateMail

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Alter Prime 3 files
Jann Horn 3 files
Andrey Stoykov 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

Bagisto Credential Disclosure

Bagisto Credential Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Bagisto Credential Disclosure

Share This

Bagisto Credential Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems