FALHA NO CODIGO FONTE

vinjir

Hello,
I found a FAULT in the source code of the url: https://en.onlinesoccermanager.com/Training

That allows you to see the apiKey, if a malicious person sees it, he can enter the api and see CONFIDENTIAL things.

API KEY: apiKey: "AIzaSyAL7nxfgJ8Dk6OhHnPbl0WrNnODjblnywc" ,

SITE CODIGO FONTE: view-source:https://en.onlinesoccermanager.com/Training

bolded text

FC Eddie_NL

@vinjir

Hi there,

Thank you for pointing this out. I've forwarded this.

vinjir

@FC-Eddie_NL said in FALHA NO CODIGO FONTE:

@vinjir

Hi there,

Thank you for pointing this out. I've forwarded this.

thanks,I did my best, I had noticed it before but I wasn't sure, I dug deeper and I saw the flaw and I saw how dangerous it

FC Eddie_NL

@vinjir

Apparently this is intended as there is no way around it due to some javascript limitations. Thanks again for pointing it out though