Comments
-
It's not that hard on any sort of website. You just have to not know what you're doing.

-
C0D4 (5y): XSS is easily missed, or not tested for in general.
Independent audits make sure those slip-ups don't get left in prod for too long.
-
fahad3267 (5y): @C0D4 What would you say about a Laravel app spitting out all env details because APP_DEBUG is true even when the environment is production?

-
C0D4 (5y): @fahad3267 That's one incompetent dev leaving the .env open to the public; it's like leaving your .git/ folder open.
Actually it's probably worse: I now have everything I need to do anything I want.
DB access should never be publicly accessible, the firewall should be blocking direct access, and even SSH into that server should be restricted to a whitelist and/or private keys.
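Worked example, added here by the editor and not part of the thread or of Laravel itself: a throwaway PHP script that catches the two slips fahad3267 and C0D4 describe before a deploy goes out. The helper names (parse_env, audit_env, exposed_files), the .env contents and the temp-dir project layout are all made up for this example.

```php
<?php
// Added example: a hypothetical pre-deploy check, not code from the thread
// or from Laravel. It covers the two slips discussed above: APP_DEBUG=true in
// a production .env, and a document root that serves .env and .git/ because
// the web server points at the project root instead of public/.
declare(strict_types=1);

/** Parse KEY=value lines of a .env file into an array; blanks and # comments are skipped. */
function parse_env(string $contents): array
{
    $env = [];
    foreach (preg_split('/\R/', $contents) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || strpos($line, '=') === false) {
            continue;
        }
        [$key, $value] = explode('=', $line, 2);
        $env[trim($key)] = trim($value, " \t\"'");
    }
    return $env;
}

/** Return findings about the parsed .env; an empty array means nothing was flagged. */
function audit_env(array $env): array
{
    $findings = [];
    $isProd = ($env['APP_ENV'] ?? 'production') === 'production';
    $debug  = filter_var($env['APP_DEBUG'] ?? 'false', FILTER_VALIDATE_BOOLEAN);
    if ($isProd && $debug) {
        // With debug on, Laravel's error page reports environment details
        // to whoever triggers an exception, exactly the leak described above.
        $findings[] = 'APP_DEBUG=true while APP_ENV=production: error pages will expose env details';
    }
    $dbHost = $env['DB_HOST'] ?? '';
    if ($dbHost !== '' && !in_array($dbHost, ['127.0.0.1', 'localhost'], true)) {
        // A remote DB host is fine only if its port is firewalled to the app host;
        // combined with a leaked DB_PASSWORD it is the "everything I need" case.
        $findings[] = "DB_HOST=$dbHost is remote: confirm the DB port is reachable from the app host only";
    }
    return $findings;
}

/** List the sensitive files that would be served if $docroot were the web server's document root. */
function exposed_files(string $docroot): array
{
    $exposed = [];
    foreach (['.env', '.git/HEAD', 'composer.json', 'storage/logs/laravel.log'] as $rel) {
        if (file_exists(rtrim($docroot, '/') . '/' . $rel)) {
            $exposed[] = $rel;
        }
    }
    return $exposed;
}

// ---- constructed demo input -------------------------------------------
$badEnv = <<<'ENV'
APP_NAME=Shop
APP_ENV=production
APP_DEBUG=true
APP_KEY=base64:replace-me
DB_HOST=db.internal.example
DB_PASSWORD=secret
ENV;

foreach (audit_env(parse_env($badEnv)) as $finding) {
    echo "[!] $finding\n";
}

// Simulated project layout in a temp dir: .env and .git/ at the root, index.php under public/.
$project = sys_get_temp_dir() . '/laravel-demo-' . getmypid();
mkdir("$project/public", 0700, true);
mkdir("$project/.git", 0700, true);
file_put_contents("$project/.env", $badEnv);
file_put_contents("$project/.git/HEAD", "ref: refs/heads/main\n");
file_put_contents("$project/public/index.php", "<?php // front controller\n");

echo 'docroot = project root exposes: ' . implode(', ', exposed_files($project)) . "\n";
echo 'docroot = public/ exposes: ' . (implode(', ', exposed_files("$project/public")) ?: 'nothing') . "\n";

// Clean up the temp layout.
foreach (["$project/public/index.php", "$project/.git/HEAD", "$project/.env"] as $f) {
    unlink($f);
}
foreach (["$project/public", "$project/.git", $project] as $d) {
    rmdir($d);
}
```

Run it with `php deploy_check.php`. The point of the second half is that nothing in Laravel protects .env or .git/ once the web server's document root is the project directory; only a document root of public/ (or an explicit deny rule in front of it) keeps them off the wire, which is why the check is done against the directory the server actually serves rather than against the repo.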
-
@Cultist
Your grammar is as horrible as mine.
("The" refers to the subject mentioned before.)
*Now don't say I don't get sarcasm.
Did a successful XSS on a website.
Later on, found out that the site was built on Laravel.
Still trying to figure out the level of negligence required to make an XSS-vulnerable Laravel website.
rant
cybersecurity
xss
laravel.
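Added example (editor's code, not the ranter's and not Laravel's own source): plain PHP that reproduces the difference between Blade's `{{ }}` and `{!! !!}`, which is the usual way a Laravel view ends up XSS-vulnerable. Blade compiles `{{ $x }}` to a call to Laravel's e() helper, which is htmlspecialchars() with ENT_QUOTES; `{!! $x !!}` echoes the string raw. blade_escaped, blade_raw, render_comment and safe_href are hypothetical helpers written for this example, and the payload is constructed.

```php
<?php
// Added example, not code from the rant or from Laravel itself. The two
// rendering helpers mimic what Blade compiles {{ }} and {!! !!} into; the
// payload and the page fragment are constructed for the demo.
declare(strict_types=1);

/** What Blade's {{ $value }} compiles to: Laravel's e(), i.e. htmlspecialchars with ENT_QUOTES. */
function blade_escaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** What Blade's {!! $value !!} compiles to: the raw string, no escaping at all. */
function blade_raw(string $value): string
{
    return $value;
}

/** Render a comment box; $trustBody selects {!! !!} semantics for the body. */
function render_comment(string $author, string $body, bool $trustBody): string
{
    $bodyHtml = $trustBody ? blade_raw($body) : blade_escaped($body);
    return '<div class="comment"><b>' . blade_escaped($author) . '</b>: ' . $bodyHtml . '</div>';
}

/**
 * Escaping alone does not make a URL attribute safe: {{ }} leaves a
 * "javascript:" scheme untouched. Allow only http(s) or scheme-less
 * (relative) URLs before echoing into href.
 */
function safe_href(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return '#'; // unparseable URL, refuse it
    }
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return blade_escaped($url);
}

/** Crude check used only to show which rendering left live markup in the page. */
function contains_live_markup(string $html): bool
{
    return preg_match('/<\w+[^>]*\son\w+\s*=/i', $html) === 1 || stripos($html, '<script') !== false;
}

// Constructed attacker input: an event handler, no <script> tag needed.
$payload = '<img src=x onerror="alert(document.cookie)">';

$escaped = render_comment('mallory', $payload, false); // {{ $body }}
$rawHtml = render_comment('mallory', $payload, true);  // {!! $body !!}

echo "{{ }}   : $escaped\n";
echo "{!! !!} : $rawHtml\n";
echo '{{ }} left live markup: ' . (contains_live_markup($escaped) ? 'yes' : 'no') . "\n";
echo '{!! !!} left live markup: ' . (contains_live_markup($rawHtml) ? 'yes' : 'no') . "\n";

// href context: HTML escaping alone is not enough.
echo 'href for javascript:alert(1) -> ' . safe_href('javascript:alert(1)') . "\n";
echo 'href for https://example.com/?q=<b> -> ' . safe_href('https://example.com/?q=<b>') . "\n";
```

Run with `php xss_demo.php`. The negligence the rant is looking for is usually a `{!! $comment->body !!}` that someone added to let "formatting" through, or user data echoed from a controller or a raw PHP view. `{{ }}` covers HTML text and quoted attributes; it does not neutralise a `javascript:` URL in an href (hence safe_href), and a value dropped into an inline `<script>` needs JSON encoding (Blade's `@json`) rather than HTML escaping.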