This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Laravel Framework < 5.5.21 leaks sensitive data via the `/.env` file. **Consequences**: Attackers can steal passwords and secrets. It's a direct info disclosure bug in the KeyGenerateCommand.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: The `writeNewEnvironmentFileWith` function uses `file_put_contents` without restricting file permissions.…
**Affected**: Laravel Framework versions **5.5.21 and earlier**. **Component**: Specifically the `src/Illuminate/Foundation/Console/KeyGenerateCommand.php` module.
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Obtain sensitive information like database passwords, API keys, and app secrets. **Privileges**: No special privileges needed; just a direct HTTP request to `/.env`.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. No authentication required. No complex configuration needed. Just visit the `/.env` URL. **Access**: Publicly accessible if the web server serves the file as static content.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. Multiple PoCs exist on GitHub (e.g., ibnurusdianto, projectdiscovery/nuclei). **Wild Exploitation**: Easy to automate with tools like Nuclei. High risk of widespread scanning.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Check how the server responds to a request for `/.env`. **Features**: Use Nuclei templates or simple HTTP GET requests. If you get a file download or content dump, you're vulnerable.…
**No Patch?**: Manually set file permissions to `600` or `400` for `.env`. **Web Config**: Configure Nginx/Apache to **block** access to `/.env` or deny access to dotfiles entirely.…
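One way to apply the permission advice above on a server you administer, as an added example that is not part of the original analysis or of Laravel's own code. The function names and the example path are assumptions.

```shell
#!/bin/sh
# Added example: audit .env permissions under a deployment root and tighten
# any that group/other can read. Function names and layout are assumptions.

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only when the mode grants nothing to group or other (600, 400, ...).
is_private_mode() {
    case "$1" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print "STATUS MODE PATH" for every .env file under $1.
# Exit status is 1 if any file is accessible to group/other, else 0.
audit_env_files() {
    root=$1
    loose=0
    # A temp file is used so the loop runs in this shell, not a subshell.
    list=$(mktemp) || return 2
    find "$root" -type f -name '.env' > "$list"
    while IFS= read -r f; do
        mode=$(file_mode "$f")
        if is_private_mode "$mode"; then
            printf 'OK    %s %s\n' "$mode" "$f"
        else
            printf 'LOOSE %s %s\n' "$mode" "$f"
            loose=1
        fi
    done < "$list"
    rm -f "$list"
    return "$loose"
}

# Set every .env under $1 to 600 (owner read/write only), as the text suggests.
harden_env_files() {
    find "$1" -type f -name '.env' -exec chmod 600 {} +
}

# Usage: sh env_audit.sh /var/www/app   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_env_files "$1" || harden_env_files "$1"
fi
```

File mode only helps when the web server runs as a different user than the file's owner, so the dotfile deny rule in the web server configuration is still needed alongside it.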