FirstBlood-#542 Environment Files Exposed Publicly
This issue was discovered on FirstBlood v2

On 2021-10-26, mrrootsec Level 2 reported:

Hello Zseano, Hope you are doing well


On FirstBlood V2, environment files are exposed publicly; this leads to access to files which should have been restricted.

Steps to Reproduce the issue :

  1. Navigate to the URLs below, source code leakage

Impact :

  1. Source Code Disclosure
  2. Sensitive Information Disclosure

Remediation / Fix:

  1. Restrict the access to the environment files

Thanks and Regards


P2 High

Endpoint: NA

Parameter: NA

Payload: NA

FirstBlood ID: 36
Vulnerability Type: Information leak/disclosure

It is possible to use composer.json to aid with another vulnerability and to gain information/knowledge on the versions used.
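
To check your own deployment for this class of exposure, the following added example (not part of the report or of FirstBlood's code) walks a document root, flags dependency and environment files, and lists the package versions each one would disclose if served. The file-name list and the function names are assumptions chosen for illustration, and the sample data is constructed.

```python
import json
import os
import tempfile

# Assumed list of files that should never sit inside a served directory.
SENSITIVE_NAMES = {"composer.json", "composer.lock", ".env"}

def disclosed_versions(path):
    """Return {package: version or constraint} that a Composer file reveals."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return {}  # not JSON (e.g. .env): still flagged, nothing to parse
    if not isinstance(data, dict):
        return {}
    found = {}
    for key in ("require", "require-dev"):  # composer.json: version constraints
        if isinstance(data.get(key), dict):
            found.update(data[key])
    for key in ("packages", "packages-dev"):  # composer.lock: exact versions
        for pkg in data.get(key) or []:
            if isinstance(pkg, dict) and "name" in pkg:
                found[pkg["name"]] = pkg.get("version", "?")
    return found

def audit_docroot(docroot):
    """Walk a document root; return {relative path: disclosed versions}."""
    report = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name in SENSITIVE_NAMES:
                full = os.path.join(dirpath, name)
                report[os.path.relpath(full, docroot)] = disclosed_versions(full)
    return report

def demo():
    """Audit a constructed document root (sample data, not FirstBlood's files)."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"require": {"php": ">=7.4", "example/lib": "1.2.3"}}
        with open(os.path.join(root, "composer.json"), "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php echo 'ok';")
        return audit_docroot(root)

if __name__ == "__main__":
    print(demo())
```

Any path the audit reports should be moved out of the served directory or denied at the web server, which is the remediation the report asks for.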