Bagisto Credential Disclosure

Bagisto Credential Disclosure: Posted Sep 1, 2020; Authored by devsecweb; As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.; tags | exploit, root, info disclosure; SHA-256 | 74b9f3889f450e046f3f29aa9d6575b5877a84afc22c532d82f65985d7a9c34c; Download | Favorite | View

Bagisto Credential Disclosure

Vendor:
Bagisto (https://bagisto.com/)
Affected version:
All
Introduction:
  Bagisto is an open source shop system based on PHP and Laravel framework
  Vulnerability description:
Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database and e-mail server credentials.

Proof:
There have been observed installations in the wild exposing the .env file like https://klingbakeshop.com/public/ (https://klingbakeshop.com/public/)

Solution:
The "public" directory must be configured as document root of the web server
Sent with PrivateMail

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Bagisto Credential Disclosure

Bagisto Credential Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Bagisto Credential Disclosure

Share This

Bagisto Credential Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems