Lina's avatar
Level 1

[SOLVED] How to block TokenMismatchException in VerifyCsrfToken.php in production when it is produced

Hi,

I want to block the error page of TokenMismatchException in production.

I am doing penetration tests on my website and I have seen that when I change the token to another value and send the form (POST), the page shows me an error that reveals sensitive information.

Form values: email: [email protected] psw: lina token: dsfdsd8f3

Example of POST: _token=dVa9835cWzXsxPOZtyZwqMk4tIJa0GfltDYIxLnT&ip=&email=foo-bar%40example.com&password=lina

Error: Whoops, looks like something went wrong.

1/1 TokenMismatchException in VerifyCsrfToken.php line 68:

Laravel version: Laravel Framework 5.4.17 (php artisan --version)

[SOLVED] The problem was that the .env DEBUG was set to TRUE; I solved it by setting this option to false.

0 likes
3 replies
ohffs's avatar

What is your APP_ENV set to in your .env file?

1 like
Lina's avatar
Lina
OP
Best Answer
Level 1

This was the failure... .env debug was set to true; I set it to false and the whole problem was solved immediately, thanks!

Snapey's avatar

It's showing values that are in the POST message, so if that data is sensitive then it should not be in the form.

If this is the login page then it should only be showing what was just submitted to the form (and is therefore known).

To stop the request being dumped, change your environment to production.

1 like
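A pre-deploy check for the two settings this thread turns on (`APP_DEBUG` and `APP_ENV` in `.env`), as an added example that is not part of the original posts or of Laravel itself. The function names, the sample file contents and the list of values treated as "off" are assumptions made for this sketch.

```python
import re

# Constructed sample .env contents (not taken from the thread).
SAMPLE_ENV = """\
APP_ENV=local
# APP_DEBUG=false   (commented out, so it does not count)
export APP_DEBUG="True"
APP_KEY=base64:PLACEHOLDER
"""

# Assumption: Laravel's env() helper maps these literals to false/null/'';
# every other value except "0" is truthy once PHP evaluates app.debug.
FALSY = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_env(text):
    """Return {KEY: [values...]} so duplicate assignments stay visible."""
    values = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]                       # quoted: keep contents verbatim
        else:
            val = val.split(" #", 1)[0].rstrip()  # unquoted: drop trailing comment
        values.setdefault(key, []).append(val)
    return values


def audit(text):
    """List the reasons this .env is unsafe to deploy to production."""
    env = parse_env(text)
    findings = []
    if any(v.lower() not in FALSY for v in env.get("APP_DEBUG", [])):
        findings.append("APP_DEBUG is enabled")
    if any(v != "production" for v in env.get("APP_ENV", [])):
        findings.append("APP_ENV is not production")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV):
        print("FAIL:", finding)
```

Any assignment of `APP_DEBUG` that evaluates as on is reported, even if another line in the same file sets it off, so the check does not depend on which duplicate the loader honours.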