Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page and one asset modified

Browse source
This commit is contained in:
CPol 2021-08-28 20:43:03 +00:00 committed by gitbook-bot
parent 82bdf06844
commit b1b10f518f
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gitbook/assets/image (610).png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 69 KiB

9
pentesting/pentesting-web/laravel.md
View file

@ -2,6 +2,15 @@
## Laravel Tricks
### Debugging mode
If Laravel is in **debugging mode** you will be able to access the **code** and **sensitive data**.
For example `http://127.0.0.1:8000/profiles`:
![](../../.gitbook/assets/image%20%28610%29.png)
This is usually needed for exploiting other Laravel RCE CVEs.
### .env
Laravel saves the APP it uses to encrypt the cookies and other credentials inside a file called `.env` that can be accessed using some path traversal under: `/../.env`