🌺
tryhackme notes
  • 🌺TryHackMe Profile Link
  • Learning Paths
    • 🌺CompTIA PenTest+
      • 🍡Intro to Offensive Security
      • 🍡Penetration Testing Tools
        • 🍡Nmap
          • 🍡Nmap Switches
          • 🍡Overview
          • 🍡TCP Connect Scans
          • 🍡SYN Scans
          • 🍡UDP Scans
          • 🍡NULL, FIN, Xmas Scans
          • 🍡Working with the NSE
          • 🍡Practical
        • 🍡Burp Suite
          • 🍡Introduction
          • 🍡Site Map and Issue Definitions
        • 🍡Metasploit
          • 🍡Introduction
          • 🍡Working with Modules
        • 🍡Nessus
          • 🍡Introduction
          • 🍡Scanning!
          • 🍡Scanning a Web Application!
        • 🍡Hydra
          • 🍡Introduction
          • 🍡Using Hydra
      • 🍡Application-based Vulnerabilites
        • 🍡OWASP Top 10
          • 🍡[Severity 1] Command Injection
          • 🍡[Severity 2] Broken Authentication
          • 🍡[Severity 3] Sensitive Data Exposure
          • 🍡[Severity 4] XML External Entity
          • 🍡[Severity 5] Broken Access Control
          • 🍡[Severity 6] Security Misconfiguration
        • 🍡Vulnversity
      • 🍡Local-host Vulnerabilities
      • 🍡Network-based Vulnerabilites
    • 🌺Web Fundamentals
      • 🌺Introduction to Web Hacking
        • 🍡Walking an Application
      • 🌺Pickle Rick
  • Modules
    • 🌺Linux Fundamentals
      • 🍡Linux Fundamentals Part 1
        • 🍡Searching for Files
      • 🍡Linux Fundamentals Part 3
        • 🍡Processes 101
    • 🌺Introduction to Penetration Testing
      • 🍡Pentesting Fundamentals
        • 🍡Penetration Testing Methodologies
          • 🍡Black Box, White Box, Grey Box Penetration Testing
      • 🍡Principals of Security
        • 🍡The CIA Triad
        • 🍡Principles of Privilege
        • 🍡Security Models Continued
        • 🍡Threat Modelling & Incident Response
    • 🌺Introduction to Cyber Security
    • 🌺Pre Security
    • 🌺John the Ripper
  • Rooms
    • 🍡Basic Pentesting
    • 🍡OhSINT
    • 🌸Sakura Room
    • 😼dogcat
Powered by GitBook
On this page
  1. Learning Paths
  2. CompTIA PenTest+
  3. Application-based Vulnerabilites
  4. OWASP Top 10

[Severity 3] Sensitive Data Exposure

Notes about Sensitive Data Exposure & the practical.

Previous[Severity 2] Broken AuthenticationNext[Severity 4] XML External Entity

Last updated 1 year ago

Sensitive Data Exposure - when a webapp accidentally exposes sensitive data. Usually consists of customer information and could also be more technical information such as usernames and passwords.

The most common way to store a large amount of data is in a database. Databases usually follow SQL syntax or sometimes NoSQL.

Sometimes databases could be stored underneath the root directory of the website which can be downlaodable and queried from our own machine.

sqlite3 is the most common flat-file database and can be interacted with most programming language.

To access a SQlite database, we can use the command, "sqlite3 <database-name>"

To see the tables in the database we can use the ".tables" command.

Practical

To begin with this practical, I navigated to the webapp located at 10.10.37.57 and looked around the page source for comments.

Nothing stood out to me on the home page so I went to the next link I saw which was the /login page. On the /login page I could see some comments in the html code.

From the comment we found in the code, we can see there is a database stored at /assets.

From here, we can answer the first two questions. The mentioned directory is /assets and the important looking file is webapp.db.

I downloaded the webapp.db file and began running sqlite3.

🌺
🍡
🍡
🍡
The website's home page.
http://10.10.37.57/login
http://10.10.37.57/assets
sqlite webapp.db