Can Laravel be Hacked?
Krutik Patel
A good engineer looks both ways on a one-way street. Or, in other words, just because I locked my front door doesn't mean I don't keep my guns in a safe box.
I am talking about the popular framework Laravel, and I think most developers have heard of it.
The creators of Laravel wanted to make things more secure than before.
I was working on a maintenance project for web applications built on Laravel. While working on a server, I visited https://www.xyz.com/.env by mistake.
Oops! I could see the content of the environment file :D
People make mistakes and do not always read the framework's documentation carefully.
https://laravel.com/docs/7.x/configuration
This is not the only site I have visited that has this glitch. Many websites are vulnerable to this type of attack. We have too much blood on the street.
There are some big websites that use phpMyAdmin or even allow remote access to their databases through port 3306.
The structure of the .env file is shown at https://github.com/laravel/laravel/blob/master/.env.example, and some serious information is saved in this file.
So now let me talk about hiding this gun.
The solution is simple: just create a .htaccess file locally and put this code inside.
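The snippet the post refers to is not reproduced on this page. A rule of this kind, as an added example rather than the author's own code, assuming an Apache server whose AllowOverride setting permits these directives in .htaccess:

```apache
# Added example, not the author's original snippet.
# Place in the .htaccess of the directory Apache serves as the document root.
# Assumes AllowOverride permits AuthConfig (Require) and Limit (Order/Deny).

# Refuse any request whose file name starts with ".env",
# which also covers copies such as .env.backup or .env.production.
<FilesMatch "^\.env">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

With the rule in place, a request for /.env should return 403 instead of the file contents. Laravel is designed to be served with the web server's document root set to the project's public directory, which keeps .env outside the served tree altogether.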
And we're done.