AMBER AI: I found some API keys in JS files, huge leak of token addresses, and a huge amount of JS files are not forbidden
Description

## Summary:
Huge leak of token addresses in (be.whalefin.com) and huge leak of JS files

## Steps To Reproduce:

1. You can see a huge leak of token addresses at the site below:
https://be-jp.whalefin.com/common-config/v1/config/coin/all-config
Please check the PoC.

NOTE: SOME API KEYS ARE FOUND IN JS FILES, SO PLEASE KEEP JS FILES FORBIDDEN.

2. Huge leak of JS files
Some examples:
https://www.whalefin.com/_next/static/chunks/polyfills-0d1b80a048d4787e.js
https://www.whalefin.com/_next/static/chunks/webpack-3fc48f634eb48f0b.js
https://www.whalefin.com/_next/static/chunks/framework-79bce4a3a540b08
https://www.whalefin.com/_next/static/chunks/main-ceb62cabf2460eaa.js
https://www.whalefin.com/_next/static/chunks/pages/_app-7ef3ae34c51e5d10.js

[attachment / reference]
Screenshot in attachment

Reference: Support Portal Takeover via Leaked API Key (HackerOne report)

## Impact

JS files have some credentials and lead to leakage of API key, username, password, etc.
