How I used a simple Google query to mine passwords from dozens of public Trello boards by Kushagra Pathak

January 15, 2019
(125 views)

A few days ago on 25th April, while researching, I found that a lot of individuals and companies are putting their sensitive information on their public Trello boards. Information like unfixed bugs and security vulnerabilities, the credentials of their social media accounts, email accounts, server and admin dashboards — you name it, is available on their public Trello Boards which are being indexed by all the search engines and anyone can easily find them.

How did I discover this?

I searched for Jira instances of companies running Bug Bounty Programs with the following search query:

inurl:jira AND intitle:login AND inurl:[company_name]

Note: I used a Google dork query, sometimes referred to as a dork. It is a search string that uses advanced search operators to find information that is not readily available on a website. — 

Read the rest of this story with a free account.

Already have an account? Sign in

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Liva Johnson
Liva Johnson
4 years ago

This is a really amazing piece of writing. There are things that I come to know for the first time and I wanna give thank you for sharing the information.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.