LogicalBreach Academy

Information Disclosure & Credential Leaks — Collections · LogicalBreach Academy

Writeups Cheatsheets Tools Collections Authors Noc Pricing

Information Disclosure & Credential Leaks

From an exposed .env that opens an entire email account to unauthenticated APIs leaking PII of 500+ employees. The bug class where severity is defined by what is exposed, not the technique.

6Resources

Save to My Collections

Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)

Public Exposure of Internal API Models (.smd)

Information Disclosure — Unauthenticated API Exposes PII of 500+ Employees and Enterprise Clients

Sensitive Data Exposure via JSON-RPC (Whistleblowing Channel)

Unauthorized usage of External API Key (Usage of Google Maps API Key ==> $$$

Exposed .env File Leading to Full Email Account Takeover

Premium writeups about bug bounty hunting and web security.
Written by real security researchers.

Navigation

Writeups Cheatsheets Tools Authors Noc Pricing

Contactcontact@logicalbreach.com

© 2026 LogicalBreach Academy.

RSS FeedPrivacy PolicyTerms of Service