Scanning for Misconfigured Laravel Apps Running in Debug Mode and Leaking Secrets

released on 2021-03-03 @ 10:35:28 PM
An attacker logged in through RDP a few days ago to run a “smtp cracker” that scans a list of IP addresses or URLs looking for misconfigured Laravel systems. These attackers are looking for websites that have debug mode enabled, which allows the attacker to see the site's .env (config) file. The .env file includes credentials for AWS, O365, SendGrid, Twilio, and more.