Scroll Top

Owasp Juicy Shop | Sensitive Data Exposure


Owasp Juicy Shop | Sensitive Data Exposure

Sensitive Data Exposure: Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being disclosed to attackers. This can include information such as credit card data, medical history, session tokens, or other authentication credentials. It is often said that the most common flaw is failing to encrypt data. One example of this vulnerability is the clear text submission of a password. This is one of many vulnerabilities detected by Burp Scanner. ~ Portswigger

In this blog we are going to use owasp juicy shop vulnerable portal for the demonstration

Access The Confidential Document

Open the owasp Juicy shop site, go to left side corner click on three lines and click on about us option

In the above image, I clicked on about us and it show me a paragraph where I can find some different color link in the paragraph. I clicked on it and Immediately a popup comes to download file, if you want to save you can save otherwise you can leave it. I didn’t save this file

After some time I can find some ftp link is seen in the corner when i keep my mouse in link it shows me site/ftp/ file. What I did is I checked whether ftp is opening or not but luckily it was opening .

I download the acquisitions file and using Kali Linux I create a directory in desktop named juice shop I moved the acquisitions file from downloads to desktop

Now we can see here the company confidential file and it exposing some company plains

Download the backup file

Open the FTP link again and click on package.json.bak file, it is a backup file we tried to download it but when we click on it it is giving me 403 error only .md and .pdf are allowed

To get around this, we will use a character bypass called “Poison Null Byte“. A Poison Null Byte looks like this: %00. the file name will be we encode %00 in url encoding and put it in the end of url.

Finally we have downloaded the backup file.

The backup file can contain old and current version of files on the web server. this file could include sensitive data like password, configuration file or even the applications source code. This information could lead to further attack.

Author: Dhakshana E is a passionate Cybersecurity Intern, contact LinkedIn

Related Posts

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.