FS#15 : Bug Bounty|User credential Leaked on Github-dork

Status Closed
Assigned To No-one
Private

Attached to Project: Security vulnerabilities
Opened by weshi - 18.01.2024
Last edited by cbay - 18.01.2024

FS#15 - Bug Bounty|User credential Leaked on Github-dork

Description:
A User's credential was leaked on github-dork.This will give potential insights to user's sensitive infos if any.

Steps to Reproduce:
1.github dork "admin.alwaysdata.com password"
2.visit this Repo:"https://github.com/AndryAurelian101/PHP-project/blob/b3b26287837a34ecb75da46e90ebf01c919d0c1e/www/db_connect.php"
3.you could see the credential are leaked.

I was able to login into the user's credential for verification.

Impact:
Information disclosure

Mitigation:
Redacting the credentials

Closed by cbay
18.01.2024 08:50
Reason for closing: Invalid

Comments (2)
Related Tasks (0/0)

cbay commented on 18.01.2024 08:47

Hello,

Some customers do leak their credentials, but it's not a security vulnerability from alwaysdata. There's nothing we can do to prevent a customer from leaking their credentials.

Kind regards,
Cyril

weshi commented on 18.01.2024 08:50

oh okay

Thanks for your quick response
w3shi

	Tasks related to this task (0)

Loading...

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task