New Relic: Sensitive information disclosure

ID H1:207388
Type hackerone
Reporter kothari
Modified 2017-10-11T22:18:55


I am able to download ciritcal files which include newrelic environment setup, setting uo of database which also says which database is used etc.

I am able to access this information using a google dork

Google ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

Real proof:

Such information should not be available publically.

Please find attached documents which i was able to download, there are more documents with juicy information.

Please feel free to reach me in case you need any help for mitigation.