LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘URL with Credentials’

« Older Entries

Potential leak of data: URL with Credentials

Posted by PasteMon on May 16th, 2013

1 votedvote

Detected 3 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: 

host        | url-path          searchpart       fragment
|      |    password           port
|      user
scheme
	
path <- url("file:///C:/temp/test.html")
readLines(path)
	
path <- url("http://user:password@141.78.x.x/desiredDirectory")
path <- url("http://user:password@141.78.x.x:80/desiredDirectory")

Source: http://pastebin.com/raw.php?i=10yjjtnf

Potential leak of data: URL with Credentials

Posted by PasteMon on May 16th, 2013

0 votedvote

Detected 2 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: 

i.domain.com/api/work/'
data='parameter=value'
req = urllib2.Request(uri,data,headers)
# Make request to fetch url.
result = urllib2.urlopen(req)
urllib2.HTTPError: HTTP Error 401: Unauthorized
	
curl -H 'X-Requested-With: SO demo' -d 'parameter=value' https://username:password@api.domain.com/api2/call.php
	
import urllib2
# Create a password manager.
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
# Add the username and password.
top_level_url = 'https://api.server.com'
password_mgr.add_password(None, top_level_url, 'username',

Source: http://pastebin.com/raw.php?i=aw5mjcwn

Potential leak of data: URL with Credentials

Posted by PasteMon on May 16th, 2013

0 votedvote

Detected 1 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: 

return $.getJSON('xyx.com/restapi/login?userid=aaa&pass=qqq'+"&xslt=json.xsl&
callback=?",function(jsonResult)
{
    if(jsonResult.response.status   ==  'success')
    {
        ...
        ...
    }
},"jsonp");

http://msf:sks1l*@xyx.com/restapi/login?userid=aaa&pass=qqq

$.ajax({
  url: url,
  dataType: 'json',
  data: data,
  success: callback
});
	
$.ajax({
  url: "http://xyx.com/restapi/login?userid=aaa&pass=qqq",
  dataType: 'json',
  success: function(jsonResult) {
      /* you

Source: http://pastebin.com/raw.php?i=qq0z7MSs

Potential leak of data: URL with Credentials

Posted by PasteMon on May 16th, 2013

0 votedvote

Detected 1 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: 

$("#attached-images").append("<li><img src='http://localhost:3000<%= @attached_image.image.url %>'></img></li>")
	
$("#attached-images").append("<li><%= image_tag @attached_image.image.url %></li>")
	
<div id="upload-and-insert-image-dialog"> 
<%= form_for :attached_image, :remote => true, :url => attached_images_path(), :html => { :class =

Source: http://pastebin.com/raw.php?i=rt4LdCdt

Potential leak of data: URL with Credentials

Posted by PasteMon on May 15th, 2013

0 votedvote

Detected 1 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: 

-e git+https://username:password@github.com/kennethreitz/requests.git@v0.10.0#egg=requests

Source: http://pastebin.com/raw.php?i=0TbBhZv3

« Older Entries