This is fun. I have some time left, so I wondered: let's have some fun with Google Dorks and Trello.
So I tried some combos, and I found one which I want to share with you guys.
I used the following dork:
site:trello.com intext:password mysql
And one of the results contained something about a ‘bot’, a Facebook bot to be specific.
So the first thing I tried was the link, and wonder of wonders, the page is still alive.
So of course the next step I take is to check whether the environment ‘fbbot.byethost7.com’ is still online.
Once you visit the page, you land on a traffic distribution system, which forwards your request to a randomly selected advertisement page.
The owner of this Trello page also added on Trello that the aim of this environment is:
- We aim to learn how to tighten a bot to a site that will be able to communicate with interlocutors, send structured messages with pictures and CTA buttons and sell.
Indicators of compromise: