Pwning OWASP’s Juice Shop Pt. 13: Confidential Document

Challenge: 

Name: Confidential Document

Description: Access a confidential document

Difficulty: 1 star

Category:  Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

None

Resources used:

None.

Methodology: 

Way back in the first installment of this series, Security Policy, in the process of enumerating the site using spiders and directory scanners, it was revealed that the site has a File Transfer Protocol (FTP) directory. If we’re looking for documents, the odds of a confidential document being located there (especially at the one star level) are high.

Once you head over to http://localhost:3000/ftp, you can choose to download every .md file there, or you can simply choose the one most likely to be sensitive:

And what confidential information are they hiding in plain sight?

File Edit Search View Document Help 
Planned Acquisitions 
This document is confidential! Do not distribute! 
Our company plans to acquire several competitors within the next year. 
This Will have a significant stock market impact as we Will elaborate in 
detail in the following paragraph: 
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy 
eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam 
voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet 
clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit 
amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam 
nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, 
sed diam voluptua. At vero eos et accusam et justo duo dolores et ea 
rebum. Stet clita kasd gubergren, 
ipsum dolor sit amet. 
Our shareholders Will be excited. 
no sea takimata sanctus est Lorem 
It's true. No fake news.

Sheesh. Seems important.

Prevention and mitigation strategies:

If you must have an FTP folder, be very, very careful about what you put there. Access controls (IP whitelist, password, et cetera) are important if you’re going to have sensitive data on there.

Lessons Learned and Things Worth Mentioning: 

  1. Nothing, really.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s