information leakage


prabir maity

Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users. Depending on the context, websites may leak all kinds of information to a potential attacker, including:

- Data about other users, such as usernames or financial information
- Sensitive commercial or business data
- Technical details about the website and its infrastructure

The dangers of leaking sensitive user or business data are fairly obvious, but disclosing technical information can sometimes be just as serious. Although some of this information will be of limited use, it can potentially be a starting point for exposing an additional attack surface, which may contain other interesting vulnerabilities. The knowledge that you are able to gather could even provide the missing piece of the puzzle when trying to construct complex, high-severity attacks.

Occasionally, sensitive information might be carelessly leaked to users who are simply browsing the website in a normal fashion. More commonly, however, an attacker needs to elicit the information disclosure by interacting with the website in unexpected or malicious ways. They will then carefully study the website’s responses to try and identify interesting behavior.

Attack steps:

1. Create two accounts: one is the victim and the other is the attacker.
2. Log in to evil.com.
3. Reload the page and intercept all requests using Burp Suite.
4. One of the intercepted requests is: GET /api/users/victem_account_id HTTP/1.1
5. Change the user ID and get all of that user's information.

Reported: Aug 27, 2020
Bounty: October 12, 2020, $2000
@0xprabir
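
The steps above work when the handler behind `GET /api/users/<id>` returns whatever record the URL names without comparing it to the logged-in session. The following Python sketch is an added example, not code from the original post or the affected site; the handler names, session tokens and user records are constructed. It shows that behaviour beside a handler with the object-level check, plus a two-account regression check.

```python
# Added example: constructed in-memory data, hypothetical handler names.
from dataclasses import dataclass

USERS = {  # constructed sample records
    "1001": {"id": "1001", "username": "victim",
             "email": "victim@example.test", "card_last4": "4242"},
    "1002": {"id": "1002", "username": "attacker",
             "email": "attacker@example.test", "card_last4": "1881"},
}
SESSIONS = {"tok-victim": "1001", "tok-attacker": "1002"}  # token -> user id

@dataclass
class Response:
    status: int
    body: dict

def handle_vulnerable(token, path):
    """Authenticates the caller but trusts the id taken from the URL."""
    if token not in SESSIONS:
        return Response(401, {"error": "unauthenticated"})
    record = USERS.get(path.rsplit("/", 1)[-1])
    if record is None:
        return Response(404, {"error": "not found"})
    return Response(200, dict(record))

def handle_hardened(token, path):
    """Object-level authorization: the URL id must be the session's own id."""
    caller = SESSIONS.get(token)
    if caller is None:
        return Response(401, {"error": "unauthenticated"})
    requested = path.rsplit("/", 1)[-1]
    record = USERS.get(caller)
    if requested != caller or record is None:
        # Same answer for "not yours" and "does not exist", so the
        # response does not reveal which ids are valid.
        return Response(404, {"error": "not found"})
    return Response(200, dict(record))

def cross_account_read(handler):
    """Regression check with two accounts: True if B can read A's record."""
    resp = handler("tok-attacker", "/api/users/1001")
    return resp.status == 200 and "email" in resp.body

if __name__ == "__main__":
    print("vulnerable leaks:", cross_account_read(handle_vulnerable))
    print("hardened leaks:  ", cross_account_read(handle_hardened))
```

Running `cross_account_read` against every endpoint that takes an object id, in CI, catches this class of bug before release.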