projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

dotenv file environment disclosure #1877

Closed emadshanab closed 3 years ago

emadshanab commented 3 years ago

```yaml
id: dotenv-file-environment-disclosure

info:
  name: Dotenv file environment disclosure
  author: emadshanab
  severity: high
  description: dotenv file environment disclosure leading to exposing symfony APP_SECRET and MAILER_DSN password.
  reference: https://www.acunetix.com/vulnerabilities/web/dotenv-env-file/
  tags: exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/.env"

    # All three matchers below must succeed for the template to report a hit.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "APP_SECRET"

      - type: status
        status:
          - 200

      # The .env contents are returned in the response body, not in the headers.
      - type: word
        words:
          - "APP_SECRET"
          - "MAILER_DSN"
          - "symfony"
          - "DATABASE_URL"
        condition: or
        part: body
```

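
A word matcher on `APP_SECRET` also fires on any 200 page that merely mentions the name, such as a soft-404 or a documentation page. The following is an added example, not part of the original issue or of the nuclei-templates project: it triages a hit by parsing the body as dotenv and reporting only the names of the exposed keys. The function names and the sample responses are constructed for illustration.

```python
import re

# Key names taken from the template's word matchers.
SENSITIVE_KEYS = ("APP_SECRET", "MAILER_DSN", "DATABASE_URL")

# One dotenv assignment: optional "export", a shell-style name, "=", a value.
_ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample responses (placeholder values, not real secrets).
REAL_ENV = (
    "# constructed sample\n"
    "APP_ENV=prod\n"
    "APP_SECRET=0000example0000\n"
    "MAILER_DSN='smtp://user:placeholder@mail.example.test:25'\n"
    "DATABASE_URL=\n"
)
SOFT_404 = "<html><body>File APP_SECRET not found</body></html>"
DOC_PAGE = "Set APP_SECRET in your .env before deploying.\n"


def parse_dotenv(body):
    """Return {name: value} for assignment lines; skip blanks and # comments."""
    pairs = {}
    for line in body.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _ASSIGN.match(line)
        if m:
            value = m.group(2).strip()
            # Drop one pair of matching surrounding quotes.
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]
            pairs[m.group(1)] = value
    return pairs


def triage(status, content_type, body):
    """Return (confirmed, exposed_key_names); secret values are never returned."""
    if status != 200:
        return False, []
    looks_html = body.lstrip().lower().startswith(("<!doctype", "<html"))
    if "html" in content_type.lower() or looks_html:
        return False, []
    pairs = parse_dotenv(body)
    # A key counts as exposed only if it is assigned a non-empty value.
    exposed = sorted(k for k in SENSITIVE_KEYS if pairs.get(k))
    return bool(exposed), exposed
```

Because only key names are returned, the result can be pasted into a ticket without copying the secrets themselves.
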
parthmalhotra commented 3 years ago

Also add - "{{BaseURL}}/.env" to requests path.

daffainfo commented 3 years ago

I think you must add this to an existing template

https://github.com/projectdiscovery/nuclei-templates/blob/master/exposures/configs/laravel-env.yaml