Nahamcon 2022

Keeber 3

Solved by: Starry-Lord

Here is their github:

https://github.com/keebersecuritygroup

https://github.com/keebersecuritygroup/security-evaluation-workflow/commit/e76da63337cfabb12ea127af3f86168e9dd08428

We can see at this point in time a file called asana_secret.txt was uploaded to the github by mistake, Tiffany made a typo in the .gitignore file which ended up preventing asana_secret.tx from being commited (which doesn’t exist). Looking up Asana, I read we can query other users e-mails if we invite them to a group we create. It didn’t help us here but still noticeable detail. Researching more on asana, I discovered it has an API which allows to get information back with the right Authorization Header.