{"id":59812,"date":"2022-10-27T09:42:19","date_gmt":"2022-10-27T01:42:19","guid":{"rendered":"https:\/\/version-2.com\/?p=59812"},"modified":"2022-12-02T18:13:40","modified_gmt":"2022-12-02T10:13:40","slug":"technical-tutorial-exploiting-sensitive-information-disclosure-on-github","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/10\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\/","title":{"rendered":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

\"\"<\/p>\n\n

Introduction<\/strong><\/h3>

In addition to hosting millions of lines of code, Github contains a ton of secrets hidden in the depths of various repositories. These secrets are the product of developers unknowingly pushing their credentials, server secrets, passwords, etc. to the repository in addition to their code.<\/p>

These secrets can be found with special Github search queries also called Github Dorks. A good collection of Github dorks is available here: https:\/\/github.com\/techgaun\/github-dorks<\/u><\/a><\/p>

Let\u2019s go through a couple examples of these to find secrets.<\/p>

Dork 1 – filename:sftp-config.json<\/strong><\/h4>

The file sftp-config.json is created by sublime text editor. Many developers prefer sublime text for remote development. For this purpose, sftp package in sublime comes handy. Sftp can be used with both password and\/or key based authentication.<\/p>

Once you setup the SFTP in sublime, sftp-config.json file is created as following:<\/p>

This file contains sensitive information such as username, password, and IP address to connect.<\/p>

So, if we search in github for sftp-config.json, we get several results, one of which is a web-programming project<\/u><\/a> that contains credentials in plain text.<\/p>

Dork 2 – filename:config.php dbpasswd<\/strong><\/h4>

It is very common for php applications to hardcode database credentials. Usually the config.php file is used to provide configuration details for a php application which will be used to establish a database connection. So when we use this github dork, we get many results with php projects containing hardcoded credentials.<\/p>

One example is valueclickbrands project<\/u><\/a>.<\/p>

Attackers can take advantage of this information disclosure bug to hijack the database completely and deal more damage.<\/p>

Key Takeaway<\/strong><\/h3>

Before making any project public, make sure the Github repository as well as previous commit branches does not contain hardcoded credentials and config files.<\/p>

#github #dorks <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

About Version 2 Digital<\/h3>

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

About VRX<\/b>
VRX <\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

Introduction In addition to hosting millions of lines o […]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[488,476,61],"tags":[489,477],"class_list":["post-59812","post","type-post","status-publish","format-standard","hentry","category-488","category-vrx","category-press-release","tag-489","tag-vrx"],"acf":[],"yoast_head":"\nTechnical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction In addition to hosting millions of lines o […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-27T01:42:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-02T10:13:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github\",\"datePublished\":\"2022-10-27T01:42:19+00:00\",\"dateModified\":\"2022-12-02T10:13:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\\\/\"},\"wordCount\":305,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9j02u5t63ad0llg72pjgcof.jpg\",\"keywords\":[\"2022\",\"vRx\"],\"articleSection\":[\"2022\",\"vRx\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\",\"name\":\"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9j02u5t63ad0llg72pjgcof.jpg\",\"datePublished\":\"2022-10-27T01:42:19+00:00\",\"dateModified\":\"2022-12-02T10:13:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9j02u5t63ad0llg72pjgcof.jpg\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl9j02u5t63ad0llg72pjgcof.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github","og_locale":"en_US","og_type":"article","og_title":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2","og_description":"Introduction In addition to hosting millions of lines o […]","og_url":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github","og_site_name":"Version 2","article_published_time":"2022-10-27T01:42:19+00:00","article_modified_time":"2022-12-02T10:13:40+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/10\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github","datePublished":"2022-10-27T01:42:19+00:00","dateModified":"2022-12-02T10:13:40+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/10\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\/"},"wordCount":305,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg","keywords":["2022","vRx"],"articleSection":["2022","vRx","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/10\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github\/","url":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github","name":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg","datePublished":"2022-10-27T01:42:19+00:00","dateModified":"2022-12-02T10:13:40+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl9j02u5t63ad0llg72pjgcof.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/technical-tutorial-exploiting-sensitive-information-disclosure-on-github#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Technical Tutorial: Exploiting Sensitive Information Disclosure on Github"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fyI","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/59812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=59812"}],"version-history":[{"count":5,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/59812\/revisions"}],"predecessor-version":[{"id":59817,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/59812\/revisions\/59817"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=59812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=59812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=59812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}