With their easy work management systems, online collaboration tools such as Trello, Jira, Notion, and Monday are used by many companies to run efficient team tasks in the process of work digitization.
However, such online collaboration tools have downsides as major tasks and information are shared where anybody can access them, which could lead to potential data leakage. This is why these internet-based collaboration tools need to be set to private or require authentication procedures. Despite repeated concerns over the security vulnerabilities of online collaboration tools, some users still set them to “public,” allowing anyone to access the information posted on these platforms.
On Criminal IP (https://www.criminalip.io), you can use keywords and the html_meta_description filter to find open collaboration tools defenseless on the internet.
Using Keywords to Search For Vulnerabilities
For example, we searched for the most frequently used collaboration tool Kanban board with the keyword “Kanban” on Criminal IP Asset Search. A total of 5,104 of them were found.
Search Keyword: “kanban”
Result when searched with the keyword “Kanban” on Criminal IP Asset Search
Within the search results, we also discovered dashboards where important information was easily accessible without requiring any login authentication.
An open collaboration tool page without login-authentication
An open collaboration tool page without login-authentication
Using the same mechanism, you can also search for other popular tools like Trello, Jira, Notion, and Monday.
- https://www.criminalip.io/asset/search?query=Trello
- https://www.criminalip.io/asset/search?query=Notion
- https://www.criminalip.io/asset/search?query=Jira
Search Keyword: “Trello”
Search Keyword: “Notion”
Search Keyword: “Jira”
When searching for Jira, for example, a total of 65,450 sites were found to be exposed on the internet.
Result when searched with the keyword “Jira” on Criminal IP Asset Search
Using the “HTML Meta Description” Filter to Search For Vulnerabilities
You can also look for exposed collaboration tools on the internet with the html_meta_description filter on Criminal IP(criminalip.io). Using this filter will narrow down your search result to more directly exposed collaboration tool pages. Here, we took a look at exposed pages by using the html_meta_description: “Kanban” and “Dashboard.”
- https://www.criminalip.io/asset/search?query=html_meta_description%3A+%22Kanban%22
- https://www.criminalip.io/asset/search?query=html_meta_description%3A+%22Dashboard%22
html_meta_description: “Kanban”
html_meta_description: “Dashboard”
Result when searched html_meta_description: kanban on Criminal IP
A login page of a collaboration tool after searching for html_meta_description: dashboard
Despite the fact that most of these pages require login authentication, their presence on the internet and easy discoverability through a few simple keyword searches suggests that the servers running these collaboration tools are vulnerable to various cyber attacks, such as brute-force attacks. Therefore, it is crucial for users to take the necessary security measures and ensure that their collaboration tools are properly secured to prevent unauthorized access and potential data breaches.
Source : Criminal IP (https://www.criminalip.io)
[…] have posted a blog about how to detect vulnerabilities in collaboration tools by meta_description search before, so check it out to learn more about filter […]