🍡[Severity 3] Sensitive Data Exposure

Notes about Sensitive Data Exposure & the practical.

Sensitive Data Exposure - when a webapp accidentally exposes sensitive data. Usually consists of customer information and could also be more technical information such as usernames and passwords.

The most common way to store a large amount of data is in a database. Databases usually follow SQL syntax or sometimes NoSQL.

Sometimes databases could be stored underneath the root directory of the website which can be downlaodable and queried from our own machine.

sqlite3 is the most common flat-file database and can be interacted with most programming language.

To access a SQlite database, we can use the command, "sqlite3 <database-name>"

To see the tables in the database we can use the ".tables" command.

Practical

To begin with this practical, I navigated to the webapp located at 10.10.37.57 and looked around the page source for comments.

The website's home page.

Nothing stood out to me on the home page so I went to the next link I saw which was the /login page. On the /login page I could see some comments in the html code.

http://10.10.37.57/login

From the comment we found in the code, we can see there is a database stored at /assets.

http://10.10.37.57/assets

From here, we can answer the first two questions. The mentioned directory is /assets and the important looking file is webapp.db.

I downloaded the webapp.db file and began running sqlite3.

sqlite webapp.db

Last updated