Critical Zero-Day in Indian Government Web App

2025. 07. 31.
OSINT 협회
OSINT 정보
Critical Zero-Day in Indian Government Web App Among the sensitive data exposed were complete MySQL root credentials, giving unrestricted access to government databases labeled under DB_DATABASE=laravel. The file also included full AWS S3 cloud storage credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_BUCKET), making it possible for an attacker to browse, delete, or exfiltrate terabytes of sensitive government documents.
Critical Zero-Day in Indian Government Web App Among the sensitive data exposed were complete MySQL root credentials, giving unrestricted access to government databases labeled under DB_DATABASE=laravel. The file also included full AWS S3 cloud storage credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_BUCKET), making it possible for an attacker to browse, delete, or exfiltrate terabytes of sensitive government documents.
게시일: 2025. 07. 31.
출처: OSINT 협회 Facebook
원본 Facebook 게시물 보기 →
이전

ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH

다음

CVE-2025-54576 (CVSS 9.1) : Critical OAuth2-Proxy Flaw Allows Authentication Bypass via Query Parameters