OK, that may be the laziest headline I’ve written in while.
Want to be somewhat shocked and appalled? Search ‘mbasanta@vmtestdrive.com’ in Shodan:
https://www.shodan.io/search?query=mbasanta%40vmtestdrive.com
Helpfully you get the username, password, security tokens to use in the results:
And there are a lot of them, all from the same company, all vmware on salesforce for login. Some with ‘Ellucian’, an e-learning connector, some not.
Don’t worry, the api key, username, password, they are always the same. You don’t need to bother scraping 🙂
protip: A good way to find exposed api’s is to search for ‘apiVersion’
Leave a Reply