Sensitive Data Exposure
Date: 28, December, 2020
Author: Dhilip Sanjay S
Sensitive data directly linked to customers.
Man in the Middle attack (The data can be captured due to weak encrption)
Directly on the web server itself.
Types of Databases
SQL - MySQL, MariaDB
NoSQL - MongoDB
Flat File DB - SQLite
Sensitive Data Exposure happens when the flat files are stored in the root directory of the website (i.e) one of the files that a suer connecting to the website is able to access.
SQLite commands
sqlite3 <database-name>
- To access a database..tables
- To view the tables.PRAGMA table_info(customers);
- To see the table information.SELECT * FROM customers;
- To dump all the information from the table.
Solutions
What is the name of the mentioned directory?
Answer: /assets
Steps to Reproduce:
Go to login page and view the source code.
Ctrl + U
Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?
Answer: webapp.db
Use the supporting material to access the sensitive data. What is the password hash of the admin user?
Answer: 6eea9b7ef19179a06954edd0f6c05ceb
Steps to Reproduce:
sqlite3 webapp.db
What is the admin's plaintext password?
Answer: qwertyuiop
Steps to Reproduce: Use hashcat or crackstation.
Login as the admin. What is the flag?
Answer: THM{Yzc2YjdkMjE5N2VjMzNhOTE3NjdiMjdl}
Steps to Reproduce: Type the username as
admin
and password asqwertyuiop
.
Last updated