streaak / keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

WP Engine #18

Closed hateshape closed 5 years ago

hateshape commented 5 years ago

WPENGINE_APIKEY usually found in: https://site.com/_wpeprivate/config.json

Verify WPENGINE_APIKEY here: curl "https://api.wpengine.com/1.2/?method=site&account_name=ACCOUNT_NAME&wpe_apikey=WPENGINE_APIKEY"

Exploit with: https://gist.github.com/hateshape/2e671ea71d7c243fac7ebf51fb738f0a
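
For site owners, a check of web server access logs for requests to the `_wpeprivate` path named above, showing which ones the server actually answered. This is an added example and not part of the issue thread or the keyhacks repository; the log lines are constructed and the combined log format is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /_wpeprivate/config.json HTTP/1.1" 200 1843 "-" "curl/8.4.0"
203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.23 - - [12/Mar/2024:11:15:02 +0000] "GET /_wpeprivate/config.json HTTP/1.1" 403 162 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:11:40:10 +0000] "GET /%5Fwpeprivate/config.json?x=1 HTTP/1.1" 200 1843 "-" "python-requests/2.31"
192.0.2.51 - - [12/Mar/2024:12:00:00 +0000] "GET /blog/_wpeprivate-notes HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request target and status from one combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_wpeprivate_hits(log_text):
    """Return one record per request whose path has a _wpeprivate segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path).lower()
        if "_wpeprivate" not in path.split("/"):
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "path": path,
                     "status": status, "served": 200 <= status < 300})
    return hits


def sources_served(hits):
    """Sorted client IPs that received a 2xx response for such a path."""
    return sorted({h["ip"] for h in hits if h["served"]})


if __name__ == "__main__":
    for h in find_wpeprivate_hits(SAMPLE_LOG):
        flag = "SERVED" if h["served"] else "blocked"
        print(f'{h["ts"]} {h["ip"]} {h["path"]} {h["status"]} {flag}')
```

Any `SERVED` entry means the file was readable from outside, so the key it holds should be rotated and the path blocked at the web server.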

streaak commented 5 years ago

Hey, thanks for sending this in.