Did successful XSS in a website.
Later on, found out that the web was built on laravel.
Still trying to figure out the level of negligence required to make a xss vulnerable laravel website

It’s not that hard on any sort of website. You just have to not know what you’re doing. 😂

XSS is easily missed, or not tested for in general.

Independent audits make sure those slips ups don't get left in prod for too long 😅

@C0D4
what would you say about a laravel app spitting out all env details cause app debug is true even when environment is production

@C0D4
And mysql host can be connected from anywhere.

@fahad3267 that's one incompetent dev leaving the .ENV open to the public, it's like leaving your .git/ folder open.

Actually it's probably worse, I know have everything I need to do anything I want.

db access should never be publicly accessible, firewall should be blocking direct access, even ssh into that server should be restricted to a whitelist and/or private keys.

Maybe confused between blade {{ and {!!

The Web isn't built on Laravel.

@Cultist
Your grammar is as horrible as mine.
(The refers to the subject told before.)

* Now don't say i don't get sarcasm

@fahad3267 you don't get sarcasm.

@Cultist @fahad3267

Maybe becouse lack of context but I found that cute.¯\_(ツ)_/¯