As you all may know, Team TWT is a huge fan of Laravel. Our Team always look forward to contributes and explores more & more about the framework.
Recently, we were busy gathering a database of Pakistani websites running on Laravel. Soon, we came across Pakistan’s very own PTV’s website, which we found is built on Laravel. At first we were really happy to see that some big names are using Laravel to build their websites using Laravel. But what we just discovered next was really sad yet disappointing.
Let us go through some of the priceless pictures from the PTV’s official website where almost every sensitive or yet forbidden (to be more specific) file is exposed on the internet. Which is indeed very sad for me as a developer.
Well, have a look at it.
We not only know that.
Isn’t that the composer.json file? Oh yes, it is.
I guess they aren’t on PTV website.
And I always thought there’s some Rocket science called ‘URL Rewrites’
Well, If you want a more professional yet better website, which you could be proud of, you can always leave us a message here. Team TWT really likes to help.
In the end, I only want to say that don’t misinterpret us. This isn’t about to hurt anyone’s sentiments. This isn’t a personal attack as well. We only want justice to be prevailed for this lovely framework. None of us were able to digest how these noobs just played unfair with Laravel.
This article is only for the awareness for some developers out there not to repeat these mistakes again. I hope they will learn from these mistakes.
Hence we hope this isn’t taken the wrong way. Our mere concern was to pin point the fact that the security of ptv’s website shouldn’t be so lightly handled
If you liked this article, do leave us a comment below. You can also follow us on Twitter.