Hi there, hope you are having a wonderful day. My name is Imran and today I am going to tell you about a famous bug that is almost everywhere.

A very strong disclaimer.

Please note that the articles on this website are for educational purposes only. I am not responsible for any illegal activities that may be carried out by users. Hacking or breaking into someone’s website is a serious crime and is subject to state and local laws, which carry severe penalties.

I do not condone or promote any illegal activities, and users are advised to always follow ethical and legal standards.

Recently, I tried to report the same bug on very famous websites such as Tesla, and the same bug was found in a lot of other places.

The story starts here: the bug comes from the WordPress plugin area. The issue arises when you configure the Google Maps API key and it shows up in the browser console.

To find all API keys, you can start by checking the developer’s name on a website and then go and check out their portfolio to see where they use this kind of API scheme. This is the first method that I am using.

The second one is to check popular websites that are using the same addressing.

The third one, though not often effective, is to use Google search for results.

The best way to find all things is to manually check the inspector view of the source code of the website. Most of the time, if we look at hacker reports, we will find that they found the key in JavaScript, but I haven’t found the key in the JavaScript, so I am not going to lie like other people.

If there is an API key found in the inspector, I check it out to see if it is working or not. Sometimes it can be the key, but this started working just a few days ago. It happened to me when I found an interesting website and reported it. Before reporting, I hadn’t tested the key for the incoming response.

If you are reporting a key, make sure that you are going to test it, take a screenshot, or a complete video. Sometimes these people change the key and say it is not working, and claim that everything is fine from their side, so they are not going to pay you.

So always check the API key here:

https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key=Key

If the response comes back and reflects some data (you might see administrative area level 3 or something like that there), it means the key is working properly.

If you would like to find this bug, the mentioned article contains some information. You can use Google to find this kind of issue, but I will not recommend that; it is too old a way to find things, with a Google dork.

Some examples: the way I found it, the key can be found only on billing websites where you fill in an address.

This tells how the API key gets leaked.

Let’s move to the main story.

So, first of all, let’s understand the Google Maps API key and when these keys get leaked.

Everything starts from the JavaScript and some of the plugins on the WordPress plugin store where all things are available. People just go there and enter their private Google API key.

According to me, the best practice is to store the key using PHP or server-side language. Storing a key in a JavaScript public class variable is very dangerous. All things leak in the console when the server tries to render these things and exposes all your information.
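One way to keep the key on the server, as an added example that is not code from this article or from any plugin it mentions: a small WordPress REST endpoint that calls the Geocoding API itself, so the page source never contains the key. The route `mysite/v1/geocode`, the function `mysite_geocode` and the constant `MYSITE_GEOCODE_KEY` are hypothetical names chosen for illustration.

```php
<?php
// Added example (hypothetical plugin). Assumes wp-config.php defines MYSITE_GEOCODE_KEY,
// so the key never reaches the browser; the form calls /wp-json/mysite/v1/geocode instead.
add_action( 'rest_api_init', function () {
    register_rest_route( 'mysite/v1', '/geocode', array(
        'methods'             => 'GET',
        'callback'            => 'mysite_geocode',
        'permission_callback' => '__return_true', // public form; abuse is throttled below
        'args'                => array(
            'latlng' => array(
                'required'          => true,
                // Accept only "lat,lng" decimals so nothing else is forwarded upstream.
                'validate_callback' => function ( $value ) {
                    return is_string( $value )
                        && 1 === preg_match( '/^-?\d{1,2}(\.\d{1,7})?,-?\d{1,3}(\.\d{1,7})?$/', $value );
                },
            ),
        ),
    ) );
} );

function mysite_geocode( WP_REST_Request $request ) {
    // Simple per-client throttle: 20 lookups, counter expires after a quiet minute.
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    $bucket = 'mysite_geo_' . md5( $ip );
    $count  = (int) get_transient( $bucket );
    if ( $count >= 20 ) {
        return new WP_Error( 'rate_limited', 'Too many lookups', array( 'status' => 429 ) );
    }
    set_transient( $bucket, $count + 1, MINUTE_IN_SECONDS );

    $url = add_query_arg(
        array( 'latlng' => rawurlencode( $request['latlng'] ), 'key' => rawurlencode( MYSITE_GEOCODE_KEY ) ),
        'https://maps.googleapis.com/maps/api/geocode/json'
    );
    $response = wp_remote_get( $url, array( 'timeout' => 5 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        // Generic error only: the upstream URL contains the key and must not be echoed.
        return new WP_Error( 'geocode_failed', 'Lookup failed', array( 'status' => 502 ) );
    }
    $data    = json_decode( wp_remote_retrieve_body( $response ), true );
    $results = isset( $data['results'] ) && is_array( $data['results'] ) ? $data['results'] : array();

    // Return only the field the address form needs, not Google's raw response.
    return rest_ensure_response( array(
        'addresses' => wp_list_pluck( array_slice( $results, 0, 5 ), 'formatted_address' ),
    ) );
}
```

The key behind this endpoint can also be restricted in the Google Cloud console to the Geocoding API and to the server's IP address, so it is of no use elsewhere even if it does leak.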

Normally, whenever I try to find all things, I try to find things in the console. With experience, I would like to do this thing; otherwise, I have to use the machine learning technique to scan JavaScript and specific parameters variables, so the machine learning method can detect all these things that are going on there.

Most of the time, I use all these methods when I have no API key because for my own project, I made something like this. You know it’s very hard for me to fill in the address every time, so rather than repeatedly go and find some API key and use it and throw it.

I know some of you will say, “Why don’t you report these things?” because I don’t report. I have reported many other security issues, but they do not reply.

So, how was I able to find the API in the console?

The story starts from here. I was visiting a website, and I am not going to mention its name. I was not understanding how this website is actually filling in the addresses because my client was telling me,

“I want the same thing on my website for my customer care information, their addresses, and much more.”

I know this is a pretty headache and requires a lot of attention. The previous company where I was working, I found this comparator and saw there was actually an address filling in their website.

So, for a few days, I was thinking, “Okay, it is picking from the database,” then I realized it is not picking anything from the database; it is taking from Google Maps API.

So, just inspect and open the console and check out what is going on there, and things will be pretty visible there. Then something changed when I found the Google Maps in the console. So, I just opened it and sent a request, and everything changed.

I am still using this API key, and I know this is not the right thing, but what can I do? If I report it, they will not do anything.

So, that’s the story. Hello to WordPress, this ongoing problem is probably going to continue. If one goes against honorable, you might be sure that there will be a lot of the w.

Thank you so much, folks. I hope your day will be good. To learn more things: this article is still incomplete and requires a lot of detailed information, so hit the like button and drop your comment. I am trying to make a video on it, and if I find something good I will let you know. I will definitely update this article; it really needs to tell information, not like others.