Hello all,
I’ve been dealing with an issue with Neopets, the online Flash game. With the help of @tensor_bodega I was able to completely dump the entire codebase and see employee emails, LDAP credentials, database credentials, internal IPs, user IPs, etc. This is a serious problem - and being that I had experience with Neopets support in the past, I decided to contact them via public means on Twitter: https://twitter.com/johnjhacking/status/1342921353310027776?s=20
They had me reach out via DM and told me to submit a support ticket. I submitted multiple vulnerabilities, but as of now they have only resolved the less severe ones and not the vulnerabilities resulting in a full dump of their codebase w/server configs and information.
If anyone has a contact beyond the Neopets support line, please let me know. I don’t like playing Support → Developer coordination games. This is urgent and critical because PII is exposed and some of these individuals are children.