PRIMARY CATEGORY → WEB TECHNOLOGIES
Laravel → PHP Web Application Framework
Debugging Mode
If Laravel Debug Mode is enabled, quite a lot of sensitive information is leaked, such as the contents of the .env configuration file.
.env Configuration File Leakage
This file contains sensitive information such as →
- Database Credentials
- APP Key
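A defender-side check for the condition described above, as an added example that is not part of the original notes: it parses the text of a `.env` file and reports whether debug mode is on and which of the secrets named here would be disclosed with it. The function names `parse_env` and `audit_env`, the list of false spellings, and the sample file are assumptions made for this example.

```python
import re

# Keys the page names as sensitive: database credentials and the APP key.
SENSITIVE_KEYS = ("APP_KEY", "DB_USERNAME", "DB_PASSWORD")
# Assumption: any other APP_DEBUG value counts as enabled (errs toward flagging).
FALSY = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_env(text):
    """Parse dotenv text into a dict; the last assignment of a key wins here."""
    values = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:  # blank lines and '#' comment lines do not match
            continue
        key, val = m.group(1), m.group(2).strip()
        if val[:1] in ("'", '"'):
            # Quoted value: keep everything up to the matching closing quote.
            end = val.find(val[0], 1)
            val = val[1:end] if end != -1 else val[1:]
        else:
            # Unquoted value: whitespace followed by '#' starts a comment.
            val = re.split(r"\s+#", val, maxsplit=1)[0].strip()
        values[key] = val
    return values


def audit_env(text):
    """Return findings: debug mode on, plus the secrets it would disclose."""
    env = parse_env(text)
    if env.get("APP_DEBUG", "false").lower() in FALSY:
        return []
    findings = ["APP_DEBUG is enabled"]
    for key in SENSITIVE_KEYS:
        if env.get(key):
            findings.append(f"{key} is set and would be disclosed")
    return findings


# Constructed sample input, not taken from any real deployment.
SAMPLE = """APP_ENV=production
APP_DEBUG="true"  # left on after troubleshooting
APP_KEY=base64:CONSTRUCTED_PLACEHOLDER_KEY=
DB_USERNAME=app
DB_PASSWORD=
"""

if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE)))
```

Any key the check reports alongside an enabled debug flag on a reachable host should be treated as disclosed and rotated.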
Insecure Object Deserialization → RCE
The Laravel App Key can be used by an attacker to craft a malicious payload and encrypt it with that key before sending it to the Web Server.
This situation is exploited via CVE-2018-15133.