.png)
3 years ago
151 BOOK THIS SPACE FOR AD
ARTICLE AD
Hi long times no see.I have 13 triaged report to write.I think it delay due to covid 19.Today i want to share how i found bug at 8x8.
I use shodan.io to search some service.
Dork : hostname:8x8.com
and i found one InfluxDB service.I googling for InfluxDB.
Authentication is disabled by default. All HTTP requests are executed when authentication is disabled.
I found this thread.InfluxDB’s auth is disable by default.So i try to send some query using curl.
curl -G "http://redact:8086/query" --data-urlencode 'q=show databases'
I got all databases list.
curl -G "http://redact:8086/query" --data-urlencode 'q=show users'
I got users list.
I report to 8x8 via hackerone.8x8 accepted my report and now resolved.
Thank for reading .See you in next bug and stay at home.
Bengali (Bangladesh) · 
English (United States) ·