Bash Injection

[pro-coder69]

Fill in the blanks

MONGO_URL=mongodb+srv://groff:groff___@cluster0-jtj9m.mongodb.net/_______?retryWrites=true&w=majority
MONGO_PASS=groff___
YOUR_CLIENT_SECRET=DPnUJnSAQm__-caUy_Kk_tUz
CLIENT_SECRET=jeLeMtdWs____T7dE__CEz_Yd

No point trying to fix it I'll get it again :1st_place_medal:

[issue-label-bot[bot]]

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.59. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

[L04DB4L4NC3R]

Going to be fixed in a recent commit. Haha you are welcome to try. We will be happy to maKe our project more secure using the inputs we get from your attacks :)

[L04DB4L4NC3R]

We will add the link in the repo once we have this project in production

[pro-coder69]

Is it fixed? @L04DB4L4NC3R

[pro-coder69]

CLIENT_ID=1077010214943-1pdf3q1jcf0r89pt1hqfkec1i93uatnf.apps.googleusercontent.com
CLIENT_SECRET=jeLeMtdWsainT7dE55CEz6Yd
BACKEND_PORT=3000
MONGO_PASS=groff123
MONGO_URL=mon-godb+srv://groff:groff123@cluster0-jtj9m.mongodb.net/pragati?retryWrites=true&w=majority
JWT_KEY=secret
YOUR_CLIENT_ID=406278326181-82dqap6rfv8lmdi6bmo7j18jrfj2k45c.apps.googleusercontent.com
YOUR_CLIENT_SECRET=DPnUJnSAQm13-caUy0Kk1tUz
YOUR_REDIRECT_URL=https://local-host:3000/auth/google
NUM_HASH=11
HASH_TYPE=B4c0/

Nice try but there's still issues. No censorship this time. :parachute:

[L04DB4L4NC3R]

The latest changes are not in prod right now. Will open this if this is still an issue after they are deployed

[pro-coder69]

The latest changes are not in prod right now. Will open this if this is still an issue after they are deployed

But the changes were deployed, it's still broken.

[hash-king]

LMAO @pro-coder69 @L04DB4L4NC3R I

[hash-king]

Tic Toc Tic Toc groff.%%%%%%.%%% editor.%%%%%%.%%%

[1UC1F3R616]

@pro-coder69 thanks for the help again, I have started counting you as a valuable person now. You could have done whatever harm you want once getting into the server but instead of that you helped and waited for a fix, people really don't understand the impact unless not shown.

[raysandeep]

@pro-coder69 Thanks for your help! Feel free to join our Discord Server: https://discord.com/invite/cWyEXgV Our Discord server helps external contributors reach out to us and help us improve our projects and take them to the next level by providing their own contributions.

[1UC1F3R616]

@pro-coder69 We have fixed all the identified bugs and it's in production mode now. We welcome you to pentest the web app. But you must be following code-of-conduct added to the repository, do read it before.

Url: editor.dscvit.com Backend: groff.dscvit.com

Peace ✌🏻 be 1337 🥇

leaked ssh private keys are also known to us. cm8qKm4=

[pro-coder69]

Sorry, I was busy with newer, interesting projects by other people. By the way, nice COC.

MONGO_PASS=6jnUWHDb68PQe4yx
JWT_KEY=bxJ6KZ4yEX9yjzUk
REDIRECT_URI=https://editor.dscvit.com/home
NUM_HASH=10CLIENT_ID=1077010214943-1pdf3q1jcf0r89pt1hqfkec1i93uatnf.apps.googleusercontent.com
CLIENT_SECRET=jeLeMtdWsainT7dE55CEz6Yd
PORT=3000
MONGO_URL=mongodb+srv://groff:6jnUWHDb68PQe4yx@cluster0.lcstw.mongodb.net/groff?retryWrites=true&w=majority
HASH_TYPE=B4c0/

@L04DB4L4NC3R @1UC1F3R616 @hash-king @raysandeep

I am fresher please take me in DSC bhaiya!

[mdhishaamakhtar]

@L04DB4L4NC3R re open this issue

[raysandeep]

Hey @pro-coder69,

We appreciate your interest in our project. Our team of developers have identified the underlying issue. We had not considered the .so Groff command which let others output the .env file onto their pdf. We would have never been able to do it without your help and we really appreciate your contribution to our project.

We would like to welcome you to our discord server and our telegram outer circle channel. Regarding recruitments, follow our Instagram page and other social media channels to get updated regarding recruitments. Please feel free to contact us if you find anything else!  🥂