Tell HN: Coca-Cola staging servers are showing up in search results
19 points by cryptoz 3 months ago | 15 comments
See for example, https://www.google.com/search?q=cherry+coke

gives you a top result of https://staging.us.coca-cola.com/products/coca-cola-energy/cherry

which prompts with like an htaccess password




I got a different staging server as my #2 result. This is password protected like OP suggested. https://preview.us.coca-cola.com/products/coca-cola-flavors/...

The link OP shared is open to the public to me. https://staging.us.coca-cola.com/products/coca-cola-energy/c...

I would think that even if these weren't showing up on google that people would be able to find the subdomains through dns. They should probably move these to an internal domain so they are harder to find.


For me the same happens w/ Netflix: their staging environment just shows up in normal search results: https://www.release.staging.ssic.netflix.com/


I see it, but I don't see a password; it looks just like the live site to me. https://imgur.com/a/Zn9tHCk


This applies to most big companies, maybe you just happened to notice it now. Security researchers are leveraging these (called Google dorks) every minute to find targets.



ok, sorry, second result.



Okay so the US link isn’t showing up for you in Canada, sure, but it does happen in the US.


Yep I see it, though it doesn't prompt me for a password - just looks like a normal half-finished website (although very different from www.coca-cola.com). Interesting.


> Coca-Cola® Energy Zero Sugar

> Calories 0

> Coca-Cola® Energy Zero Sugar combines the great taste of Coca-Cola with the energy you want to power you


Still has caffeine. Also no zero calorie soda is truly zero cal. They take advantage of labeling laws and serving sizes to be able to put “0 calories” even on gigantic 2 liter bottles.


So what is the username and password?


I did try a few things but didn’t get in haha


The luxury to write this in jest... You have no idea.


The footer has a 2021 copyright.



