Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackerone4w3H1:289189
HistoryNov 10, 2017 - 2:54 p.m.

Legal Robot: Exposes a series of other private credentials

2017-11-1014:54:49
4w3
hackerone.com
18
JSON

Hi,

I found a Javascript file where have many private credentials.

JS File

  • https://app.legalrobot.com/meteor_runtime_config.js

Code

__meteor_runtime_config__ = {"meteorRelease":"[email protected]","meteorEnv":{"NODE_ENV":"production","TEST_METADATA":"{}"},"PUBLIC_SETTINGS":{"analyticsSettings":{"Google Analytics":{"trackingId":"UA-62872512-1"},"Intercom":{"appId":"nmyyq5i5"},"Keen IO":{"projectId":"556cb72a2fd4b162515c7ef8","writeKey":"dc0bfcfdeb1073312ebf28588828f224162ce8a2de411bbb563909191bfe4f6fc2f89749d64bc29ef1326e6f9520a7eec85ac68d1631abd3a211fea234f0b8f1d211bcd1a4f89d1a2ca7bdd5393dcc616155ba2eb65f0f26c14ecff30cef6958"}},"aws":{"files":{"region":"us-west-2"}},"contact":{"siteName":"Legal Robot","SMS":"(877) 413-4380","email":"[email protected]","logo":"https://www.legalrobot.com/assets/img/logo.png","url":"https://www.legalrobot.com","shortUrl":"LegalRobot.com","address":"548 Market Street, Suite 28970, San Francisco, CA 94104","phone":"(415) 894-0240","facebook":"https://www.facebook.com/LegalRobot/","twitter":"https://twitter.com/legalrobot","instagram":"https://www.instagram.com/legalrobot/","googlePlus":"https://plus.google.com/+LegalRobot","linkedIn":"https://www.linkedin.com/company/legal-robot","fbAppId":"365463763640085"},"intercom":{"id":"nmyyq5i5"},"domain":"legalrobot.com","persistent_session":{"default_method":"temporary"},"stripe":{"publishableKey":"pk_live_aa7H8nClyv2IIShaDJGqDs9A"}},"ROOT_URL":"https://app.legalrobot.com","ROOT_URL_PATH_PREFIX":"","kadira":{"appId":"fqm5S7o42sAL2eD8T","endpoint":"https://apm-engine.meteor.com","clientEngineSyncDelay":10000,"enableErrorTracking":true},"appId":"zivmvxxevpdg1xu8kc5","accountsConfigCalled":true,"autoupdateVersion":"b63bfae847acb9cfe642ce499c53741902219d35","autoupdateVersionRefreshable":"6bb469fad9a6afa3ba3eb9dfb4e11067a35116ca","autoupdateVersionCordova":"325d666b7e9b79c77b59f2c48bc20ad9ed61033a"};

Private Data

{F238410}

"PUBLIC_SETTINGS":{"analyticsSettings":{"Google Analytics":{"trackingId":"UA-62872512-1"}`
* `Intercom":{"appId":"nmyyq5i5"}

Keen IO project id writeKey

Keen IO":{"projectId":"556cb72a2fd4b162515c7ef8","writeKey":"dc0bfcfdeb1073312ebf28588828f224162ce8a2de411bbb563909191bfe4f6fc2f89749d64bc29ef1326e6f9520a7eec85ac68d1631abd3a211fea234f0b8f1d211bcd1a4f89d1a2ca7bdd5393dcc616155ba2eb65f0f26c14ecff30cef6958"}}

Facebook App ID

"fbAppId":"365463763640085"}

Intercom id

intercom":{"id":"nmyyq5i5"}

Stripe PublishKey

stripe":{"publishableKey":"pk_live_aa7H8nClyv2IIShaDJGqDs9A"}

PublishKey

"publishableKey":"pk_live_aa7H8nClyv2IIShaDJGqDs9A"}},"ROOT_URL":"https://app.legalrobot.com","ROOT_URL_PATH_PREFIX":""

kadira

"kadira":{"appId":"fqm5S7o42sAL2eD8T","endpoint":"https://apm-engine.meteor.com"

App ID

"appId":"zivmvxxevpdg1xu8kc5"

See also on a report #124100

{F238415}

Looking forward to hearing from @legalrobot security team.

Warm Regard,
@4w3

JSON