Challenge:
Name: Confidential Document
Description: Access a confidential document
Difficulty: 1 star
Category: Sensitive Data Exposure
Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html
Tools used:
None
Resources used:
None.
Methodology:
Way back in the first installment of this series, Security Policy, enumerating the site with spiders and directory scanners revealed that the site has a File Transfer Protocol (FTP) directory. If we’re looking for documents, the odds of a confidential document being located there (especially at the one star level) are high.
Once you head over to http://localhost:3000/ftp, you can choose to download every .md file there, or you can simply choose the one most likely to be sensitive:

And what confidential information are they hiding in plain sight?

Sheesh. Seems important.

Prevention and mitigation strategies:
If you must have an FTP folder, be very, very careful about what you put there. Access controls (IP whitelist, password, et cetera) are important if you’re going to have sensitive data on there.
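One way to put both controls named above (an IP allowlist and a password) in front of a download directory, as an added Node.js example that is not part of the original write-up or Juice Shop's own code. The function names, addresses and credentials are hypothetical and constructed for illustration.

```javascript
// Added example: access gate for a download directory such as /ftp.
// ALLOWED_IPS, USERS and authorizeFtpRequest are hypothetical names; all values are constructed.
const ALLOWED_IPS = new Set(['127.0.0.1', '10.0.0.5']);
// Assumption: a real deployment stores a salted password hash, not the plaintext shown here.
const USERS = new Map([['auditor', 'constructed-sample-password']]);

// Node may report IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d); strip the prefix.
function normalizeIp(ip) {
  return String(ip || '').replace(/^::ffff:/i, '');
}

// Compare two strings without stopping at the first mismatching byte.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Parse an "Authorization: Basic ..." header into { user, pass }, or null if malformed.
function parseBasicAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Returns the HTTP status to answer with: 403 (address not allowed),
// 401 (missing or wrong credentials) or 200 (serve the file).
function authorizeFtpRequest(remoteIp, authHeader) {
  if (!ALLOWED_IPS.has(normalizeIp(remoteIp))) return 403;
  const creds = parseBasicAuth(authHeader);
  if (!creds) return 401;
  const expected = USERS.get(creds.user);
  // Unknown users are still compared against a dummy value so both paths do similar work.
  const ok = safeEqual(creds.pass, expected === undefined ? '\u0000' : expected);
  return ok && expected !== undefined ? 200 : 401;
}
```

The gate denies by default: a request is served only when the source address is on the allowlist and the credentials match.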
Lessons Learned and Things Worth Mentioning:
- Nothing, really.