InfluxDB Access at

Hi long times no see.I have 13 triaged report to write.I think it delay due to covid 19.Today i want to share how i found bug at 8x8.

I use to search some service.

Dork :

and i found one InfluxDB service.I googling for InfluxDB.

Authentication is disabled by default. All HTTP requests are executed when authentication is disabled.

I found this thread.InfluxDB’s auth is disable by default.So i try to send some query using curl.

I got all databases list.

I got users list.

I report to 8x8 via hackerone.8x8 accepted my report and now resolved.

Thank for reading .See you in next bug and stay at home.