Laravel Log File Disclosure

Log files are used by the Web Server to provide information to the application developer about the application and its behavior. Most of the time the log files are stored in the same folder as the application files.

Impact

An attacker might be able to retrieve sensitive information, like database credentials or user tokens, by simply retrieving the application log files.

Solution

Storing the log files outside the web root (in a folder not accessible by the Web Server) can prevent an attacker from having access to the log files.

References

• http://www.laravel.com/docs/master/logging