Sensitive file exposure

How We Found It

in the /robots.txt page, there is a page called /whatever that is disallowed. when we go to /whatever, there is a file called htaccess that we can download. in this file there is just one line :

root:437394baff5aa33daa618be47b75cb49

that looks like a user login and a password hashed using md5, so we decrypted it and got the password qwerty123@. This is intresting but where shoud we use it ? there is a page called /admin, on this page, there is a login and password prompt, when we enter the username and password found earlier, we get a flag.

Utility of It

Leaks credentials that can be used to access restricted areas (like /admin).
Can lead to full system compromise if reused elsewhere.
Highlights bad practice of storing sensitive data in web-accessible paths.

How Can We Patch It

Never expose sensitive files like .htaccess, .env, config.php, etc.
Properly configure the web server to deny access to such files.
Avoid storing plaintext or weakly hashed passwords in accessible locations.
Use strong hashing algorithms (e.g., bcrypt) and limit access to admin interfaces.