search

tranfuga25s / turneraonline

Sistema de Turnos Online
14 stars 5 forks source link

Remove security code for facebook app #177

Open tranfuga25s opened 10 years ago

tranfuga25s commented 10 years ago

Hello,

We are conducting research on the unintended exposure of secrets in GitHub repositories. In a recent scan we conducted of GitHub repositories, our tool detected that one of your repositories appears to expose a secret. The details are below:

# Branch: auditoria
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: auditoria
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/auditoria/app/Config/facebook.php

------------------------------

# Branch: dashboard
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: dashboard
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/dashboard/app/Config/facebook.php

------------------------------

# Branch: demodb
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: demodb
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/demodb/app/Config/facebook.php

------------------------------

# Branch: editor
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: editor
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/editor/app/Config/facebook.php

------------------------------

# Branch: facebook
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: facebook
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/facebook/app/Config/facebook.php

------------------------------

# Branch: master
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: master
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/master/app/Config/facebook.php

------------------------------

# Branch: notificaciones
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: notificaciones
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/notificaciones/app/Config/facebook.php

------------------------------

# Branch: testdisponibilidad
## File: turneraonline/app/Config/facebook.php
## Line: 7
## Source: 'appId' => '191493522205',

# Branch: testdisponibilidad
## File: turneraonline/app/Config/facebook.php
## Line: 9
## Source: 'secret' => '157a9913a26efe6f76364597dfde3922',

Affected File: https://github.com/tranfuga25s/turneraonline/blob/testdisponibilidad/app/Config/facebook.php

------------------------------

If this information is indeed intended to be secret, we would recommend that you remove this file from the repository (using .gitignore) and generate new passwords for the vulnerable accounts. We would much appreciate a response, letting us know if we are mistaken in concluding that this is a secret, or if you made changes as a result of this report.

Thank you.