Site hacking with information disclosure🤒
Hello everyone.
Today, while installing docker, we suddenly thought of creating a dork to see .env files that can be read in the world. It happened after that.
Attention: My purpose in sharing this post is to raise awareness of you and to protect your company from such deficits. Please do not use such information for real-life attacks.
The .env file can be used for simple container deployments and even complex full-stack deployments. Either way, it’s a much more secure way of using secrets for a deployment. Although nothing is perfect, using a hidden file (one that starts with a . in Linux is considered hidden) that keeps you from hard coding secrets into your manifests should not just be considered the smart way to go, it should be your default. And, yes, there are even more secure ways to handle secrets.
Ref:
Dork:
- Step 1
When we look at the contents of the file, we reach sensitive information that can be used for mysql, smtp servers. I wanted to test that.
- Step 2
Good luck at the entrance. I now had access to the company’s “no-reply” address.
I sent an email to myself from there and it was good when I tested it.
- Step 4
I even went to mysql databases and cracked the admin’s hash. This time I was really lucky.
Report
Then, I sent information to the company’s blue and red team personnel with their “no-reply” addresses, together with their poc and references. Yes, I am enjoying it 😂
Friends, this is the movement that suits us. It is to report the deficiencies and weaknesses you find.
Bonus:
We can get a shell from mysql under suitable conditions. For this, we need to know the udf exploit.
Finally, I would like to state that my purpose in sharing this post is to give the correct permissions to files containing such sensitive information in your company or the company you will work for. Sometimes a company that uses very expensive tools and solutions will run into problems because of such vulnerabilities.
“Thank you for reading. I hope that will be useful. If you have any questions or comments, please do not hesitate to write. Have a good day”