by 101011
1010 days ago
Agreed, but server frameworks shouldn't easily enable a foot gun that allows bots to have disk access to your host. Instead, only explicitly defined routes or resource files should be available. If I had to guess, this person committed their .env file in some repo and pushed that up, and that became available because the server was misconfigured. For other servers (such as, say, Jetty), config files like that won't get exposed like that unless you're very obviously placing your config files in a public resource folder.