This spring, Google introduced eight new TLDs, and two of them are creating a little bit of a stink online. The top-level domain “.zip” is also an extension for archive files employing the compression format known as “zip.” Similarly, the TLD “.mov” is also the file format extension “.mov”. So, how can this be abused?
Tag: InfoSec
PSA: Make sure that your server is not serving your .env file
Write Laravel for a living? Maybe make sure that you don’t let your web server serve your .env files. Sample Google search: db_username filetype:env
Why are the default credentials in the realm attribute?
Recently, I was poking around on Shodan (as I do when I am bored) and I stumbled across an interesting query. If you search for “Default: admin/1234”, you get over 14,000 devices that are broadcasting their own default username and password. The devices appear to be Edimax routers. I reached out to both EmbedThis and Edimax to ask them about this....