Are You Developer?

Hi Friends, Are you Developer??

Just Look at It.

It’s a serious note for you. I can show you live hacking of websites/admin panels.

** Disclaimer : – Information Shared here is completely confidential do not misuse it otherwise whatever action will be taken by the authority you are yourself responsible for that.

Here we Go:

1) Go to Google
2) Search for DB_USERNAME filetype:env

Now you will get a list of .env files of the appropriate site which is public, you can completely read this file which causes leakage of your database confidential info, mail confidential info other all confidential info relates to your project.

How to prevent this??
What is Solution??

Here we Go:

Protect it using your .htaccess file

For Apache

<FilesMatch "^\.env">
    Order allow,deny
    Deny from all
</FilesMatch>

For nginx

location ~ /\.(?!well-known).* {
       deny all;
}

you can check using : $PROJECTURL/$PATH_FOR_ENV

Also, You can check apps for developer. – Helping Hands

About the author

pondabrothers

View all posts

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *