website exposes credentials on a registration page

by crackeduser225566 - 01 June, 2022 - 01:10 AM
#1
(This post was last modified: 01 June, 2022 - 01:16 AM by crackeduser225566. Edited 1 time in total.)
while trying to register for this site, I found a security hole

it exposes all the environmental variables

https://mysapphireridge.ca/register
Code:
    DB_HOST     "127.0.0.1"
    DB_PORT     "3306"
    DB_DATABASE     "unused"
    DB_USERNAME     ""
    DB_PASSWORD     ""
    REDIS_PORT     "6379"
    MAIL_MAILER     "mailgun"
    MAIL_HOST     "null"
    MAIL_PORT     "587"
    MAIL_USERNAME     "[email protected]"
    MAIL_PASSWORD     "rPRCEd$yW%pEQ3z"
    MAIL_ENCRYPTION "null"
    MAIL_FROM_ADDRESS "[email protected]"
    MAIL_FROM_NAME     "Info"

they are exposing the mail username and password lol
Code:
    MAIL_USERNAME     "[email protected]"
    MAIL_PASSWORD     "rPRCEd$yW%pEQ3z"

someone with zero security experience created this application haha :monkas:
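A defensive check for the leak described in the post above, as an added example that is not part of the original thread: it scans a rendered page from your own application for an environment-variable dump in the `NAME "value"` layout shown, reports which secret-looking variables carry a value, and masks them for a bug report. The sample page, the hint list and the function names are constructed for illustration.

```python
import re

# Constructed sample of a rendered page; every value here is made up.
SAMPLE = '''<h1>Register</h1>
    DB_HOST     "127.0.0.1"
    DB_PASSWORD     ""
    MAIL_USERNAME     "postmaster@example.test"
    MAIL_PASSWORD     "constructed-not-a-real-secret"
<p>Thanks for signing up</p>'''

# Assumption: name fragments that mark a variable as a secret; tune per app.
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")
EMPTY_VALUES = {"", "null"}  # how the dump in the post shows unset values
# One dumped variable: UPPER_SNAKE name, whitespace, double-quoted value.
ENV_LINE = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s+"(.*)"\s*$')

def find_env_dump(body, min_run=3):
    """Return (name, value) pairs from runs of >= min_run env-style lines."""
    found, run = [], []
    for line in body.splitlines() + [""]:  # sentinel flushes the last run
        m = ENV_LINE.match(line)
        if m:
            run.append(m.groups())
            continue
        if len(run) >= min_run:  # short runs are treated as stray matches
            found.extend(run)
        run = []
    return found

def is_populated_secret(name, value):
    return any(h in name for h in SECRET_HINTS) and value not in EMPTY_VALUES

def audit(body):
    """Names of all dumped variables, plus the secrets that carry a value."""
    pairs = find_env_dump(body)
    return {"leaked": [n for n, _ in pairs],
            "populated_secrets": [n for n, v in pairs if is_populated_secret(n, v)]}

def redact(body):
    """Mask populated secret values so the page can go into a ticket."""
    dumped = {n for n, _ in find_env_dump(body)}
    out = []
    for line in body.splitlines():
        m = ENV_LINE.match(line)
        if m and m.group(1) in dumped and is_populated_secret(*m.groups()):
            line = line[:m.start(2)] + "[REDACTED]" + line[m.end(2):]
        out.append(line)
    return "\n".join(out)
```

Run `audit()` over the error and form pages of a staging build in CI and fail the job when `leaked` is non-empty; any variable listed under `populated_secrets` should be rotated, not just hidden.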
TheSg2  
#2
(This post was last modified: 07 June, 2022 - 05:18 AM by TheSg2.)
hahahahh mate wtf, what is that page for xd

League player, student and anime enjoyer :pepo:
