December 18, 2023

Disclosure: Remote Data Service

Our team occasionally scans APIs for various customer and research purposes, or in connection with a specific request. As we do this, we sometimes find vulnerabilities from third-party organizations. This article is part of an ongoing series of posts following some API vulnerabilities FireTail researchers have uncovered in the process…

FireTail researcher Viktor Markopoulos discovered that various APIs belonging to a data service were leaking their GitHub repositories, which contained the API backend source codes. In other words, anyone with a basic understanding of APIs and GitHub could steal the source codes and use them maliciously.

Some of these APIs also appeared to be vulnerable to SQL injection, based on his review of the source code.

To date, this vulnerability has not been fixed.

Lina Romero

Viktor Markopoulos

Security Researcher

Browse all posts

October 22, 2024

FireTail Joins Wiz Integration (WIN) Platform

Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Enhance API Security



October 16, 2024

Disclosure: Multiple Vulnerabilities in Granicus eFiling Platform

Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.



October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.

