Dozens of websites are still vulnerable

Published Date: 2020/09/12 by: DaVieS

We are not talking about a bug or an exploit. This is something st*pid, like seeing a burglar, letting him in, and thanking him for choosing your house. Oh wait.. it is not even just that, because the website may contain a lot of people's private data, such as photos, passwords, addresses..

So this is something you can solve easily, and it is absolutely your fault. We contacted many site owners to resolve the issue, and only 10% did so in the past 6 months.

 

Details

  • .env files (mostly used by Laravel) may contain your database passwords and other sensitive data. I really don't know why anyone uses dotfiles instead of PHP.
  • .git files: this is a Git repository. If it is available to attackers, they could grab your source code, including passwords or even your SSL certificates and API keys.
  • .ini files: beginner PHP programmers sometimes use .ini files to store passwords.
  • .db / .sqlite: we discovered many SQLite databases available on websites that contain passwords or other sensitive data.
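
An added example, not part of the original article: a Python audit a site owner can run over their own document root before deploying, flagging the file types listed above. The function names, reason labels and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File types from the list above; the reason labels are this example's own.
SUFFIX_REASONS = {".ini": "ini config", ".db": "database", ".sqlite": "database"}

def audit_webroot(webroot):
    """Return sorted (relative_path, reason) pairs for files under `webroot`
    that match the categories in the list above."""
    root = Path(webroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if ".git" in dirnames:
            # Report the repository once and do not descend into its objects.
            findings.append(((rel_dir / ".git").as_posix(), "git repository"))
            dirnames.remove(".git")
        for name in filenames:
            lower = name.lower()
            rel = (rel_dir / name).as_posix()
            if lower == ".env" or lower.startswith(".env."):
                findings.append((rel, "dotenv file"))
            elif lower == ".git":
                # Submodules and worktrees use a .git file instead of a directory.
                findings.append((rel, "git pointer file"))
            elif Path(lower).suffix in SUFFIX_REASONS:
                findings.append((rel, SUFFIX_REASONS[Path(lower).suffix]))
    return sorted(findings)

def audit_sample():
    """Build a constructed sample document root and audit it."""
    files = [
        "index.php", "css/site.css",           # harmless
        ".env", ".git/HEAD", ".git/config",    # secrets and source history
        "config/settings.ini", "data/users.sqlite", "uploads/cache.DB",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in files:
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("constructed sample\n")
        return audit_webroot(tmp)

if __name__ == "__main__":
    for rel, reason in audit_sample():
        print(f"{reason:16} {rel}")
```

Anything it reports should either be moved out of the document root or blocked by the web server before the site goes live.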

 



All rights reserved nPulse.net 2009 - 2021