FirstBlood-#542 — Environment Files Exposed Publicly
This issue was discovered on FirstBlood v2.0.0 (issues patched)
On 2021-10-26, mrrootsec Level 2 reported:
Hello Zseano, hope you are doing well.
On FirstBlood V2, environment files are exposed publicly; this leads to access to files which should have been restricted.
Steps to reproduce the issue:
Navigate to the URLs below, source code leakage
- Source Code Disclosure
- Sensitive Information Disclosure
Remediation / Fix:
- Restrict the access to the environment files
Thanks and Regards
FirstBlood ID: 36
Vulnerability Type: Information leak/disclosure
It is possible to use the composer.json to aid with another vulnerability and to gain information/knowledge on versions used.
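
A defender-side check for the fix suggested in the report, as an added example that is not part of the original report or of FirstBlood's code: it walks a web document root and lists environment and dependency files that a static file server would hand out. Only composer.json is named on the page; the other file names, the directory names and the sample layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list: only composer.json is named on the page; the rest are
# common environment/dependency files added for illustration.
SENSITIVE_NAMES = {"composer.json", "composer.lock", ".env"}
SENSITIVE_DIRS = {"vendor", ".git"}


def find_exposed_files(docroot):
    """Return sorted paths (relative to docroot) of files and directories
    that should not sit inside a publicly served document root."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(current, docroot)
        for d in sorted(dirs):
            if d in SENSITIVE_DIRS:
                findings.append(os.path.normpath(os.path.join(rel_dir, d)) + "/")
        # Do not descend into flagged directories; the directory is the finding.
        dirs[:] = [d for d in dirs if d not in SENSITIVE_DIRS]
        for name in files:
            if name in SENSITIVE_NAMES or name.startswith(".env."):
                findings.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(p.replace(os.sep, "/") for p in findings)


def build_sample_docroot(base):
    """Constructed sample layout, not FirstBlood's real tree."""
    for rel in ("index.php", "composer.json", "composer.lock",
                "vendor/autoload.php", "api/.env.local", "css/site.css"):
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for finding in find_exposed_files(root):
            print("served from docroot:", finding)
```

Anything the check reports should either be moved out of the document root or blocked by a deny rule in the web server configuration.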