PHP Info Exposing Secrets at https://radio.mtn.bj/info
High
MTN Group
Reported by
pudsec
Vulnerability Details
Technical details and impact analysis
## Summary:
During recon I discovered a PHP Info file exposing environment variables such as: Laravel APP_KEY, database username/password, SMTP username/password, etc.
## Steps To Reproduce:
Visit the following URL:
```
https://radio.mtn.bj/info
```
You will be presented with a PHP Info file exposing environment / PHP Variables.
## Further Information:
I successfully sent an email using [python-smtp-mail-sending-tester](https://github.com/turbodog/python-smtp-mail-sending-tester) with the exposed credentials:
```
$ python smtptest.py -v -u [email protected] -p w?#h#DLkAPa7 [email protected] [email protected] camembert.o2switch.net
('usetls:', False)
('usessl:', False)
('from address:', '[email protected]')
('to address:', '[email protected]')
('server address:', 'camembert.o2switch.net')
('server port:', 25)
('smtp username:', '[email protected]')
smtp password: *****
('smtplib debuglevel:', 0)
-- Message body ---------------------
From: [email protected]
To: [email protected]
Subject: Test Message from smtptest at 2020-12-03 13:02:56
Test message from the smtptest tool sent at 2020-12-03 13:02:56
-------------------------------------
```
The [APP_KEY](https://divinglaravel.com/app_key-is-a-secret-heres-what-its-used-for-how-you-can-rotate-it) being exposed can potentially be abused, as its primary purpose is encrypting cookies, creating signatures and encrypting/decrypting values.
## Suggestions:
* Never expose PHP Info
* Change all passwords and APP_KEY
## Impact
Exposing passwords to critical services.
Providing application keys used for encryption/decryption within the app.
Sending email coming from an official email address.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Information Disclosure
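The report's first suggestion, "Never expose PHP Info", can be enforced before deployment with a source audit. The following is an added example, not part of the original report or of the affected application's code: it walks a PHP project and reports every live `phpinfo()` call, ignoring calls that only appear in comments or string literals. The Laravel-style file layout, the sample files and the skipped directory names are assumptions made for the demonstration, and the scan treats each file as pure PHP code.

```python
import os
import re
import tempfile

# Strings and comments are blanked first so "phpinfo()" inside them is not reported.
# "#[" opens a PHP 8 attribute, not a comment, so it is left alone.
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#(?!\[))[^\n]*""",
    re.DOTALL)
# PHP function names are case-insensitive; the lookbehind skips methods
# ($o->phpinfo(), Foo::phpinfo()) and longer names such as my_phpinfo().
CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
SKIP_DIRS = {"vendor", "node_modules", ".git"}  # assumption: third-party code audited separately

def blank_strings_and_comments(src):
    """Remove string literals and comments, keeping newlines so line numbers hold."""
    return TOKEN.sub(lambda m: "\n" * m.group(0).count("\n"), src)

def find_phpinfo_calls(root):
    """Return sorted (relative_path, line_no) pairs for live phpinfo() calls under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if not name.endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                code = blank_strings_and_comments(fh.read())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for m in CALL.finditer(code):
                hits.append((rel, code.count("\n", 0, m.start()) + 1))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample project (not from the report): two live calls, three decoys."""
    files = {
        "routes/web.php": "<?php\nRoute::get('/info', function () {\n    phpinfo();\n});\n",
        "public/test.php": "<?php\n/* debug\n   page */\nPHPInfo(INFO_ENVIRONMENT);\n",
        "app/Clean.php": "<?php\n// phpinfo();\n$m = 'phpinfo() is off';\n$o->phpinfo();\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, line_no in find_phpinfo_calls(tmp):
            print(f"{rel}:{line_no}: live phpinfo() call, remove before deploying")
```

Run as a CI step against the project root, a non-empty result can fail the build; indirect invocations such as `call_user_func('phpinfo')` are outside what this pattern detects.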