Facebook, SendGrid, LinkedIn, AWS, and Slack API Tokens (Exclusive)

[whlx]

Hello, b1nd users. Here we provide data, it contains sensitive information such as secret keys for various services like Facebook, SendGrid, LinkedIn, AWS, and Slack API tokens. Here's a breakdown of the sensitive information we leaked:

1. Facebook Secret Keys:
   • Located in several settings files of different projects.
   • Each entry contains a SOCIAL_AUTH_FACEBOOK_SECRET key with its corresponding secret value.
2. SendGrid Tokens:
   • Located in a PHP file Constant.php of an odwin project.
   • Contains a SENDGRID_API_KEY definition with its corresponding token.
3. LinkedIn Client IDs:
   • Found in the UserConnectComponent.php file of different projects.
   • Each entry contains a LinkedIn client ID used for authentication.
4. AWS Secret Keys:
   • Found in various files across different projects.
   • Each entry contains an AWS secret access key used for accessing AWS services.
5. Slack API Tokens:
   • Found in the campaign_profiles_controller.rb file of a project.
   • Each entry contains a Slack API token used for sending messages to Slack channels.

Guys it's crucial to ensure that such sensitive information is properly secured and not exposed to unauthorized access.



facebook_secret_keys

[+] Facebook Secret Key
| ./3_94_2_67-9000/mb-infosolution-assginment_master--CG--1606146205138/manager/settings.py
| 202:SOCIAL_AUTH_FACEBOOK_SECRET = 'c3a36a9fc279ce0d0ac77a975f1d47f7' # App Secret
|
| ./3_94_2_67-9000/Foto-Dino-Refactor_main--CG--1630976150322/Foto_Dino/Foto_Dino/Foto_Dino/settings.py
| 185:SOCIAL_AUTH_FACEBOOK_SECRET = "02bea459e68a8af476a1feed4398bffa"
|
| ./3_94_2_67-9000/foto-dino_admin-views-update--CG--1630976149280/FotoDino/settings.py
| 187:SOCIAL_AUTH_FACEBOOK_SECRET = "02bea459e68a8af476a1feed4398bffa"
|
| ./3_94_2_67-9000/edunaa-backend_devops-docker-fix--CG--670dbce6f267cb12b389a31fc1a9974d944de9e6--CG--636/edunaa/edunaa/edunaa/edunaa/edunaa/settings/settings.py
| 115:SOCIAL_AUTH_FACEBOOK_SECRET = 'eb71dc783b0e0eb72810e79353290c88'
|
| ./3_94_2_67-9000/Edunaa-Backend_dev-prasad-to-development--CG--636--CG--99/edunaa/edunaa/edunaa/edunaa/edunaa/settings/settings.py
| 116:SOCIAL_AUTH_FACEBOOK_SECRET = 'eb71dc783b0e0eb72810e79353290c88'
|
| ./3_94_2_67-9000/Edunaa-Backend_staging-to-uat--CG--636--CG--92/edunaa/edunaa/edunaa/edunaa/edunaa/settings/settings.py
| 116:SOCIAL_AUTH_FACEBOOK_SECRET = 'eb71dc783b0e0eb72810e79353290c88'

sendgrid_tokens

[+] SendGrid Token
| Use the command below to verify that the SendGrid Token is valid.
| $ curl -X "GET" "https://api.sendgrid.com/v3/scopes" -H "Authorization: Bearer SENDGRID_TOKEN_HERE" -H "Content-Type: application/json"
|
| API Documentation: https://docs.sendgrid.com/api-reference
|
| ./odwin/odwen_master--CG--da2a6b38c800cbb770f0a4099fb7cfc5876877d2--CG--2095/app/app/Config/Constant.php
| 455://define('SENDGRID_API_KEY', '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');
| 456:define('SENDGRID_API_KEY', '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'); //odwen-labs@odwen.co.in
|
| ./odwin/odwen_master--CG--e5ce1c017bcf11e263b15b7ed7d69ffbde282fe9--CG--2095/app/app/Config/Constant.php
| 464://define('SENDGRID_API_KEY', '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');
| 465:define('SENDGRID_API_KEY', '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'); //odwen-labs@odwen.co.in
|
| ./odwin/odwen_master--CG--137932d19a7c4222dfa1545f806e41a4558d67b7--CG--2095/app/app/Config/Constant.php
| 455://define('SENDGRID_API_KEY', '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');
| 456:define('SENDGRID_API_KEY', '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'); //odwen-labs@odwen.co.in

linkedin_client_ids

[+] LinkedIn Client ID
| ./odwin/odwen_ecommerce--CG--c09c9e7dfd24c09d3c898055846a865bc0ec4af0--CG--2095/app/app/Plugin/app/Plugin/Usermgmt/app/Plugin/Usermgmt/Controller/app/Plugin/Usermgmt/Controller/Component/UserConnectComponent.php
| 196: // redirect the user to the LinkedIn authentication/authorisation page to initiate validation.
|
| ./odwin/odwen_master--CG--da2a6b38c800cbb770f0a4099fb7cfc5876877d2--CG--2095/app/app/Plugin/app/Plugin/Usermgmt/app/Plugin/Usermgmt/Controller/app/Plugin/Usermgmt/Controller/Component/UserConnectComponent.php
| 196: // redirect the user to the LinkedIn authentication/authorisation page to initiate validation.
|
| ./odwin/odwen_master--CG--137932d19a7c4222dfa1545f806e41a4558d67b7--CG--2095/app/app/Plugin/app/Plugin/Usermgmt/app/Plugin/Usermgmt/Controller/app/Plugin/Usermgmt/Controller/Component/UserConnectComponent.php
| 196: // redirect the user to the LinkedIn authentication/authorisation page to initiate validation.

aws_secret_keys

[+] AWS Secret Key
| ./167_172_60_30-9000/cyber-be/devops-zap/eip/change_ip.py
| 44: client_cyber = boto3.client('route53', region_name="eu-west-2", aws_access_key_id='AKIASLOVAPLXJYKW5NEN', aws_secret_access_key='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')
|
| ./3_94_2_67-9000/Winkl-api_master--CG--1610708566358/config/sitemap.rb
| 13: aws_secret_access_key: "97qzAbFfMHm+VFr5aZMrUHv4WlXgtDzs4TPin/Fy",
| 31: aws_secret_access_key: "97qzAbFfMHm+VFr5aZMrUHv4WlXgtDzs4TPin/Fy",
|
| ./3_94_2_67-9000/Winkl-api_master--CG--1610708566358/app/app/controllers/affiliates_controller.rb
| 4: AWS_SECRET_KEY = "aC50w/aFZJSedp0nANl6i7OK/Ws3VMj3tTDI99GT"
|
| ./3_94_2_67-9000/Winkl-api_forgot_password_api--CG--d5247f792b4d2c423fc7883e9adc0e955412b894--CG--1694/config/sitemap.rb
| 13: aws_secret_access_key: "97qzAbFfMHm+VFr5aZMrUHv4WlXgtDzs4TPin/Fy",
| 31: aws_secret_access_key: "97qzAbFfMHm+VFr5aZMrUHv4WlXgtDzs4TPin/Fy",

slack_api_tokens

[+] Slack API token
| Use the command below to verify that private key is valid:
| $ curl -sX POST "https://slack.com/api/auth.test?token=xoxp-TOKEN_HERE&pretty=1"
|
| API Documentation: https://api.slack.com/web
|
| ./3_94_2_67-9000/Winkl-api_forgot_password_api--CG--d5247f792b4d2c423fc7883e9adc0e955412b894--CG--1694/app/app/controllers/campaign_profiles_controller.rb
| 434: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign_updates&text=Campaign Manager: #{@campaign_profile.email_id} has joined Winkl.")
| 4329: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign_updates&text=New Post Submitted for #{campaign.name}. Click http://campaignmanager.winkl.co/#{campaign.id}/ReviewContent?userId=#{cp.campaign_profile_id} to view",body: {}, headers: {})
| 4394: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign_updates&text=Content submitted for review for #{campaign.name}. Click http://campaignmanager.winkl.co/#{campaign.id}/ReviewContent?userId=#{cp.campaign_profile_id} to view",body: {}, headers: {})
| 5801: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign-chat-messages&text=New Message - User: #{@current_user.full_name}, Campaign: #{campaign.name}")
| 5802: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign-chat-messages&text=Message : #{message_content}")
| 5805: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign-chat-messages&text=New Message - User: #{@current_user.full_name}, Campaign: #{campaign.name}")
| 5806: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign-chat-messages&text=A file has been shared")
| 5854: HTTParty.post("https://slack.com/api/chat.postMessage?token=xoxp-191928386964-191976206613-362151076802-76c01eca4e9dd2062cbb0b0eaa67d409&channel=%23campaign_updates&text=Denied product delivery status. Campaign name: #{campaign.name} Brand name: #{campaign.brand.name} User name: #{campaign_profile.name} User email: #{campaign_profile.email_id}")

Additionally, consider rotating these keys regularly and following best practices for securing API keys and tokens.

Good luck!