Insertion of Sensitive Information Into Debugging Code in microweber/microweber
Feb 20th 2022
Laravel debug mode exposes sensitive data, e.g. internal source code, stack traces, SQL queries, database names, table names, the user's cookies, email, phone number and username, the Laravel version, the PHP version, etc.
Proof of Concept
- Log in to http://demo.microweber.org
- Navigate to this endpoint (including the single quote at the end): http://demo.microweber.org/demo/admin/category/create'
- You will see all the exposed information.
The server is running in debug mode, exposing sensitive information about the server and the user.
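A deployment-time check for the misconfiguration reported above, as an added example that is not part of the original report or of Microweber's code. It assumes debug mode is driven by APP_DEBUG in a .env file and cast as in a stock Laravel config/app.php ((bool) env('APP_DEBUG', false)); the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample .env for illustration; not taken from any real deployment.
SAMPLE_ENV = """\
APP_ENV=production
APP_DEBUG=on   # constructed: not the literal 'true', yet PHP casts it to true
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments, blanks and an 'export ' prefix."""
    values = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$", raw)
        if not m:
            continue  # comment, blank or malformed line
        key, val = m.group(1), m.group(2).strip()
        if val[:1] in ("'", '"') and val.find(val[0], 1) != -1:
            val = val[1:val.find(val[0], 1)]                     # quoted value
        else:
            val = re.split(r"\s+#", val, maxsplit=1)[0].strip()  # drop inline comment
        values[key] = val
    return values

def effective_debug(values):
    """Approximate (bool) env('APP_DEBUG', false) as evaluated by Laravel and PHP."""
    raw = values.get("APP_DEBUG")
    if raw is None:
        return False                      # default in a stock config/app.php
    low = raw.lower()
    if low in ("true", "(true)"):
        return True
    if low in ("false", "(false)", "empty", "(empty)", "null", "(null)"):
        return False
    return raw not in ("", "0")           # PHP: any other non-empty string is truthy

def audit(text):
    """Return findings for a .env that would serve debug error pages."""
    values = parse_env(text)
    if not effective_debug(values):
        return []
    env = values.get("APP_ENV", "<unset>")
    return ["APP_DEBUG=%s is effectively true (APP_ENV=%s): error pages will "
            "include stack traces, queries and environment data"
            % (values["APP_DEBUG"], env)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV):
        print("FINDING:", finding)
```

Values such as on, off or yes are flagged because PHP casts any non-empty string other than "0" to true, so only false, 0, an empty value or an absent key turn debug output off.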