darkly/sensitive_file_exposure/README.md

Sensitive file exposure

How We Found It

in the /robots.txt page, there is a page called /whatever that is disallowed. when we go to /whatever, there is a file called htaccess that we can download. in this file there is just one line :

root:437394baff5aa33daa618be47b75cb49

that looks like a user login and a password hashed using md5, so we decrypted it and got the password qwerty123@. This is intresting but where shoud we use it ? there is a page called /admin, on this page, there is a login and password prompt, when we enter the username and password found earlier, we get a flag.

Utility of It

• Leaks credentials that can be used to access restricted areas (like /admin).
• Can lead to full system compromise if reused elsewhere.
• Highlights bad practice of storing sensitive data in web-accessible paths.

How Can We Patch It

• Never expose sensitive files like .htaccess, .env, config.php, etc.
• Properly configure the web server to deny access to such files.
• Avoid storing plaintext or weakly hashed passwords in accessible locations.
• Use strong hashing algorithms (e.g., bcrypt) and limit access to admin interfaces.