Hello Bug Hunters, let’s start my second writeup on Bug Hunting.
I was just thinking: what if I got a valid bug on Google? Then I went for it and, surprisingly, I got it. (Just Kidding)
See My Report. (Google VRP) ->
Summary: Exposed “Google Cloud RADIS G4 Superset Dashboard” without authentication, potentially revealing sensitive data.
The vulnerability is known to third parties!
Program: Google VRP
URL: http://107.167.xxx.xxx:8080/superset/welcome/
Vulnerability type: Sensitive data exposure
I recently discovered a potentially exposed Google Cloud RADIS G4 Superset Dashboard that may present a security risk. The dashboard appears to be publicly accessible without proper authentication or security measures.
Details:
Type of Issue: Exposed Google Cloud RADIS G4 Superset Dashboard
Description: The dashboard is accessible without authentication, which could allow unauthorized users to view and interact with potentially sensitive data.
Steps to Reproduce:
-> I used this Google dork: “inurl:8x8x:xxxxxxxxx” (dork is hidden for all)
-> After some deep analysis I found the Google Cloud “G4 Superset Dashboard” directly accessible without authentication.
IP: The Dashboard IP address “107.167.xxx.xxx”
More Info:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
URL: The Dashboard direct “http://107.167.xxx.xxx:8x8x/superset/welcome/”
Please let me know if you need further details or assistance in addressing this issue. I am available to provide more information if necessary.
Regards, Kazi Hashibur Rahman
Attack scenario:
Who can exploit the vulnerability: Any unauthorized user with internet access who discovers the exposed Google Cloud RADIS G4 Superset Dashboard can exploit this vulnerability.
What they gain when doing so: They gain access to potentially sensitive data displayed on the dashboard, which may include confidential business information, operational metrics, and other critical data that should not be publicly accessible. This unauthorized access can lead to data breaches, information leakage, and other security risks.
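As an added example (not code from the report or from Superset), a small audit script you can point at your own Superset hosts to confirm that the welcome page named above sends anonymous clients to the login page instead of serving the dashboard. The hostname in the usage line is a placeholder, and the 302-to-/login/ behaviour is an assumption about a stock Superset install.

```python
"""Audit check: does a Superset host demand a login before serving
/superset/welcome/? Added example, not code from the original writeup.
Assumes stock Superset answers an anonymous request with a 302 to /login/."""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

WELCOME_PATH = "/superset/welcome/"  # page named in the report

@dataclass
class Probe:
    status: int
    location: str      # Location header, "" when absent
    body_snippet: str  # first bytes of the body, decoded

def classify(probe: Probe) -> str:
    """Map one unauthenticated response to 'protected', 'exposed' or 'unknown'."""
    if probe.status in (301, 302, 303, 307, 308) and "/login" in probe.location:
        return "protected"  # Flask-AppBuilder bounced us to the login page
    if probe.status in (401, 403):
        return "protected"  # auth enforced by the app or a proxy in front
    if probe.status == 200:
        # A 200 that is itself a login form (SSO proxy) is still protected; any other 200 was served anonymously
        return "protected" if 'type="password"' in probe.body_snippet else "exposed"
    return "unknown"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so the 302 itself is observable."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def probe_host(base_url: str, timeout: float = 5.0) -> Probe:
    """Fetch the welcome page once, anonymously, without following redirects."""
    req = urllib.request.Request(base_url.rstrip("/") + WELCOME_PATH,
                                 headers={"User-Agent": "superset-auth-audit"})
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Probe(resp.status, resp.headers.get("Location", ""),
                         resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # every 3xx/4xx/5xx lands here
        return Probe(err.code, err.headers.get("Location", ""),
                     err.read(4096).decode("utf-8", "replace"))

if __name__ == "__main__":
    # Usage: python superset_auth_audit.py https://bi.example.internal:8080 ...
    for host in sys.argv[1:]:
        print(host, classify(probe_host(host)))
```

Run it against an inventory of your own dashboards after every deployment; anything reported as "exposed" is the same condition this report describes.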
PoC (Proof of Concept):
===============================================================
Thanks for reading.
Tips: Recon is the most powerful and helpful thing. This bug was found through it.
More tips: Use Google dorks. I just used a Google dork for targeting Google :_)
Respect+ to our team members who actually helped us with this bug; they are also part of this HoF.
->
Founder & CEO — t.me/oghbnz
Co-Founder & Manager — t.me/BNJ_9AM
Senior Admin — t.me/organic_root
HoF:
Join Telegram Community — https://t.me/tch_community
Subscribe on YouTube — https://www.youtube.com/@RootMate?sub_confirmation=1
If you have any questions — rhashibur75@gmail.com