Bagisto Credential Disclosure

Bagisto Credential Disclosure: Posted Sep 1, 2020; Authored by devsecweb; As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.; tags | exploit, root, info disclosure; SHA-256 | 74b9f3889f450e046f3f29aa9d6575b5877a84afc22c532d82f65985d7a9c34c; Download | Favorite | View

Bagisto Credential Disclosure

Vendor:
Bagisto (https://bagisto.com/)
Affected version:
All
Introduction:
  Bagisto is an open source shop system based on PHP and Laravel framework
  Vulnerability description:
Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database and e-mail server credentials.

Proof:
There have been observed installations in the wild exposing the .env file like https://klingbakeshop.com/public/ (https://klingbakeshop.com/public/)

Solution:
The "public" directory must be configured as document root of the web server
Sent with PrivateMail

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 88 files
indoushka 67 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 18 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,093)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,665)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,730)
UNIX (9,433)
UnixWare (187)
Windows (6,671)
Other

Bagisto Credential Disclosure

Bagisto Credential Disclosure

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Bagisto Credential Disclosure

Share This

Bagisto Credential Disclosure

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems