Dozens of websites are still vulnerable

Published Date: 2020/09/12 by: DaVieS

Dozens of websites are still vulnerable

We are not speaking about a BUG, or Exploit, this is something st*pid similar if you see a burglar and let you in meanwhile you thanks to him to choose your house. Oh wait.. Not just like that, because the website may contains a lot of people private data, such as photos, passwords, addresses..

So this is something that you can solve easily and absolutely your fault, we contacted many sites owner to resolve the issue, and only 10% did that in the past 6 months.

 

Details

  • .env files (mostly used by Laravel) may contains your database passwords and any sensitive data I really don't know why using dotfiles instead of PHP?
  • .git files, this is a Git Repository if this available to attackers they could grab your source code including passwords or even your SSL Certificates, API Keys.
  • .ini files sometimes a beginner PHP programmers uses .INI files to store passwords
  • .db / .sqlite We discovered many SQlite database available in websites that contains passwords or any sensitive datas.

 



If you like the article then don't forget to share!


BVCP 2.0.x Released

Our one of the most popular FREE-TO-USE Software BVCP reached the next milestone.Big thanks to the active community, a ton of feedbacks received..


Welcome 2024

We have been busy at 2023. Im personally very happy to see a lot of new technologies especially EV related researches.We continued to support our..


FreeBSD 14 fresh install breaks mc (Midnight Commander) subshell support

We are very happy to announce that - if you did not know already - one of the best Operating System released a new version. FreeBSD 14. This..


ZFS Replication Software

  While we are working on BVCP 2.0 just another software made to handle ZFS Replications over multiple nodes. The software yet not released..


Bhyve UEFI drops into EFI shell, Linux wont boot Easy Workaround

  EFI works that way that the installer places a file into a FAT32 partition in a regular directory as called "BOOT". The usual full path of..


Nexus Datalogger 2023

We're proudly present that we released out our next version of datalogger software as commerical product. Our first version of Datalogger..


Big Concern: Facebook hack, Google Chrome V8 Hack, Meta Support

Many users experiences that their account leaked through Facebook Advertisement platform.The BOT change their names to Kevin Konkrete Davis and..


Maintenance

We are doing some regular maintenance at 22:00 - 02:00 UTC. Some services might be distrupted at this time. ..


FreeBSD Bhyve Webadmin | BVCP 1.9.8 Just Released

BVCP 1.9.8 features  New protocol to transmit VNC/RFB data as encrypted and compressed.Better, faster and more responsive UI.Colored..

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD