## Summary:
Huge leak of token addresses in (be.whalefin.com) and huge leak of js files
## Steps To Reproduce:
[add details for how we can reproduce the issue]
1. You can see huge leak of token addresses in below site
https://be-jp.whalefin.com/common-config/v1/config/coin/all-config
Please check poc
NOTE:SOME API KEYS ARE FOUND IN JS FILES. SO PLEASE KEEP JS FILES FORBIDDEN
1. Huge leak of js files
Some examples:
https://www.whalefin.com/_next/static/chunks/polyfills-0d1b80a048d4787e.js
https://www.whalefin.com/_next/static/chunks/webpack-3fc48f634eb48f0b.js
https://www.whalefin.com/_next/static/chunks/framework-79bce4a3a540b08 Supporting
https://www.whalefin.com/_next/static/chunks/main-ceb62cabf2460eaa.js
https://www.whalefin.com/_next/static/chunks/pages/_app-7ef3ae34c51e5d10.js
[attachment / reference]
Screenshot in attachment
Reference: Support Portal Takeover via Leaked API KEY-hackerone report
## Impact
Js file have some credentials and lead to leakage of api key, username, password etcRead More