skygatemedia / LifesportsUSA

LifesportsUSA Website Files

Possible Vulnerability #1

Open HKResearch opened 10 years ago

HKResearch commented 10 years ago

Hello,

We are conducting research on the unintended exposure of secrets in GitHub repositories. In a recent scan we conducted of GitHub repositories, our tool detected that one of your repositories appears to expose a secret, and we've confirmed this possibility by manual inspection. The details are below:

# Branch: master
## File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php
## Line: 24

# Branch: master
## File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php
## Line: 30

# Branch: master
## File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php
## Line: 27

If this information is indeed intended to be secret, we would recommend that you remove this file from the repository (using .gitignore) and generate new passwords for the vulnerable accounts. We would much appreciate a response, letting us know if we are mistaken in concluding that this is a secret, or if you made changes as a result of this report.

Thank you.
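A minimal version of the kind of check this report describes, as an added example that is not HKResearch's tool or part of the original thread: it scans the text of a wp-config.php for hard-coded values of WordPress secret constants and reports file and line without echoing the value. The function name, the sample file content and the placeholder list are assumptions made for the illustration.

```python
import re

# WordPress constants whose literal value is a credential or signing secret.
SECRET_NAMES = {
    "DB_PASSWORD", "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
}
# Values shipped in wp-config-sample.php; these are not real secrets.
PLACEHOLDERS = {"", "password_here", "put your unique phrase here"}

# Matches define('NAME', 'literal') with either quote style. A value supplied
# by a function call such as getenv(...) is not a quoted literal: no match.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)"""
)

def scan_wp_config(text, path="wp-config.php"):
    """Return (path, line_number, constant_name) for each hard-coded secret.

    The secret value itself is never returned, so findings can be logged or
    filed in an issue without leaking it a second time. Commented-out lines
    are scanned too: an old password left in a comment is still exposed.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = DEFINE_RE.search(line)
        if not match or match["name"] not in SECRET_NAMES:
            continue
        if match["value"].strip() in PLACEHOLDERS:
            continue  # untouched sample value
        findings.append((path, lineno, match["name"]))
    return findings

# Constructed sample input; none of these values come from a real site.
SAMPLE = """<?php
define('DB_NAME', 'site');
define('DB_USER', 'site_user');
define('DB_PASSWORD', 'constructed-example-not-real');
// define('DB_PASSWORD', 'old-constructed-value');
define('AUTH_KEY', 'put your unique phrase here');
define( "NONCE_SALT", "constructed-salt-value" );
define('SECURE_AUTH_KEY', getenv('WP_SECURE_AUTH_KEY'));
"""

if __name__ == "__main__":
    for path, lineno, name in scan_wp_config(SAMPLE):
        print(f"{path}:{lineno}: hard-coded {name}")
```

A finding on a file that is already committed means the value stays in the repository history even after the file is added to .gitignore, so the credentials still need to be regenerated as the report recommends.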

skygatemedia commented 10 years ago

We don’t use GITHUB for this reason. The 2nd vulnerability should be stated as “working with idiots.”

Regards,

premiumwebdesigners

Jesse K. Case - Creative Director | SKYGATE MEDIA | Office: 212. 807. 4155

CT Studio: 203. 810. 4000 | jc@skygatemedia.com | 315 Madison Ave., 9th Fl. NY, NY 10017

From: HKResearch [mailto:notifications@github.com] Sent: Thursday, July 03, 2014 3:23 PM To: skygatemedia/LifesportsUSA Subject: [LifesportsUSA] Possible Vulnerability (#1)

Hello,

We are conducting research on the unintended exposure of secrets in GitHub repositories. In a recent scan we conducted of GitHub repositories, our tool detected that one of your repositories appears to expose a secret, and we've confirmed this possibility by manual inspection. The details are below:

Branch: master

File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php

Line: 24

Branch: master

File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php

Line: 30

Branch: master

File: LifesportsUSA/LifesportsUSA-Files/2014/wp-config.php

Line: 27

If this information is indeed intended to be secret, we would recommend that you remove this file from the repository (using .gitignore) and generate new passwords for the vulnerable accounts. We would much appreciate a response, letting us know if we are mistaken in concluding that this is a secret, or if you made changes as a result of this report.

Thank you.

— Reply to this email directly or view it on GitHub https://github.com/skygatemedia/LifesportsUSA/issues/1