Leaked Valid Credentials on NASA Subdomain - CrowdStream

Summary by MiguelSantareno

On this report, I was able to get a username and password using Google Dorks.
That credential was exposed on a webpage, and it was from the developer.
I was able to log in to a specific application, and after digging a little into the application, I was able to access and download a collection called "Mars 2020 Genetic Inventory".

Activity

Martin Customer published the disclosure report
2 months ago(30 Jan 2025 16:04:11 UTC)
MiguelSantareno updated the disclosure summary
2 months ago(27 Jan 2025 00:31:57 UTC)
MiguelSantareno requested disclosure
2 months ago(24 Jan 2025 08:57:27 UTC)
Medx Customer changed the state to Resolved
a year ago(25 Jan 2024 14:22:14 UTC)
Medx Customer sent a message
a year ago(25 Jan 2024 14:22:06 UTC)
Medx Customer sent a message
a year ago(18 Jan 2024 22:49:08 UTC)
Cesar_Sanchez Customer changed the state to Unresolved
a year ago(09 Jan 2024 13:58:35 UTC)
Tal_Bugcrowd sent a message
a year ago(07 Jan 2024 12:00:23 UTC)
Tal_Bugcrowd changed the state to Triaged
a year ago(07 Jan 2024 11:58:54 UTC)
MiguelSantareno sent a message
a year ago(05 Jan 2024 23:39:17 UTC)
MiguelSantareno resolved a blocker for Bugcrowd Operations by providing information on reproduction
a year ago(05 Jan 2024 19:39:51 UTC)
MiguelSantareno sent a message
a year ago(05 Jan 2024 19:39:50 UTC)
Raven_Bugcrowd created a blocker on the researcher to provide information on reproduction
a year ago(05 Jan 2024 19:19:59 UTC)
Raven_Bugcrowd sent a message
a year ago(05 Jan 2024 19:19:54 UTC)
MiguelSantareno created the submission
a year ago(05 Jan 2024 14:29:07 UTC)