tom/darkly
1
0
Fork 0
mirror of https://github.com/tmoron/darkly.git synced 2025-09-27 12:48:35 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
darkly/sensitive_file_exposure/README.md

1.1 KiB
Raw Permalink Blame History

Sensitive file exposure

How We Found It

in the /robots.txt page, there is a page called /whatever that is disallowed. when we go to /whatever, there is a file called htaccess that we can download. in this file there is just one line :

root:437394baff5aa33daa618be47b75cb49

that looks like a user login and a password hashed using md5, so we decrypted it and got the password qwerty123@. This is intresting but where shoud we use it ? there is a page called /admin, on this page, there is a login and password prompt, when we enter the username and password found earlier, we get a flag.

Utility of It

  • Leaks credentials that can be used to access restricted areas (like /admin).
  • Can lead to full system compromise if reused elsewhere.
  • Highlights bad practice of storing sensitive data in web-accessible paths.

How Can We Patch It

  • Never expose sensitive files like .htaccess, .env, config.php, etc.
  • Properly configure the web server to deny access to such files.
  • Avoid storing plaintext or weakly hashed passwords in accessible locations.
  • Use strong hashing algorithms (e.g., bcrypt) and limit access to admin interfaces.