Renewbuy.com
by Sanggiero - Thursday June 15, 2023 at 11:25 AM
#11
(Jun 22, 2023, 12:59 PM)general0x00 Wrote: thank you for sharing it.

You're welcome. Cool

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Suspected to be involved with Law Enforcement.
Reply
#12
(Jun 17, 2023, 02:41 PM)Sanggiero Wrote:
(Jun 17, 2023, 01:44 PM)RavishKumarOfficial Wrote:
(Jun 15, 2023, 11:25 AM)Sanggiero Wrote: Format - JSON
Size RAR file - 285MB
Date - 2023
All Rows - 890412
Website - renewbuy.com

An example with only one username, imagine with 1M. Cool

Did you leak this? If yes, did you manage to download the S3 linked files too?

Unfortunately, I didn't bother to install the images from S3, there was a large amount of data. These are the kind of developers that generate signatureless JWT tokens, you know?
After a few months of attack I went back just now to see if the vulnerability is still present, turns out yes, they left publicly the AWS credentials allowing access to S3 and SQS in the API no authentication required.  Cool
The lesson I learned, never trust Indian infrastructure, they are usually not protected at all.

https://i.postimg.cc/QN6CbPp6/Screenshot-6.png

Very interesting. Could you share a bit more about the vulnerability? Was this info present in the jwt?
Reply
#13
(Jun 22, 2023, 04:38 PM)cateye84 Wrote:
(Jun 17, 2023, 02:41 PM)Sanggiero Wrote:
(Jun 17, 2023, 01:44 PM)RavishKumarOfficial Wrote:
(Jun 15, 2023, 11:25 AM)Sanggiero Wrote: Format - JSON
Size RAR file - 285MB
Date - 2023
All Rows - 890412
Website - renewbuy.com

An example with only one username, imagine with 1M. Cool

Did you leak this? If yes, did you manage to download the S3 linked files too?

Unfortunately, I didn't bother to install the images from S3, there was a large amount of data. These are the kind of developers that generate signatureless JWT tokens, you know?
After a few months of attack I went back just now to see if the vulnerability is still present, turns out yes, they left publicly the AWS credentials allowing access to S3 and SQS in the API no authentication required.  Cool
The lesson I learned, never trust Indian infrastructure, they are usually not protected at all.

https://i.postimg.cc/QN6CbPp6/Screenshot-6.png

Very interesting. Could you share a bit more about the vulnerability? Was this info present in the jwt?

I explained it above, the JWT token had no signature which allowed me to do an account takeover and access any account without authorization and steal information. Since when do developers forget to put a JWT signature, it's essential, you only have Indians to do this kind of bullshit. Dodgy
I found about 20 vulnerabilities in a few days in the company, finding IDORs, SSRFs, misconfigurations and so on. Most of the vulnerabilities in criticality ranged from P3 to P1 (so that's pretty serious).

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Suspected to be involved with Law Enforcement.
Reply
#14
nice one! good

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Suspected Scamming | Contact us via http://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion/contact if you feel this is incorrect.
Reply
#15
Can you please upload it to another server? Anonfiles is down
Reply
#16
Can you put on another site while anonfiles is down? I appreciate it!
Reply
#17
thank you so much!
Reply
#18
The link in this thread is dead. Please reply to the PM you were sent to get your thread moved back to the Databases section.
Telegram: @d6413e5c
Reply
#19
Hello,

The link on this thread has been updated as of this post.
Telegram: @d6413e5c
Reply
#20
Good!!~~I want it!!~~~
Reply

