Hacking OWASP’s Juice Shop Pt. 13: Confidential Document

Challenge: 

Name: Confidential Document

Description: Access a confidential document

Difficulty: 1 star

Category:  Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

None

Resources used:

None.

Methodology: 

Way back in the first installment of this series, Security Policy, enumerating the site with spiders and directory scanners revealed that the site has a File Transfer Protocol (FTP) directory. If we’re looking for documents, the odds of a confidential document being located there (especially at the one star level) are high.

Once you head over to http://localhost:3000/ftp, you can choose to download every .md file there, or you can simply choose the one most likely to be sensitive:

And what confidential information are they hiding in plain sight?

Planned Acquisitions
This document is confidential! Do not distribute!
Our company plans to acquire several competitors within the next year.
This will have a significant stock market impact as we will elaborate in
detail in the following paragraph:
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam
voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet
clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit
amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam
nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat,
sed diam voluptua. At vero eos et accusam et justo duo dolores et ea
rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem
ipsum dolor sit amet.
Our shareholders will be excited. It's true. No fake news.

Sheesh. Seems important.

Prevention and mitigation strategies:

If you must have an FTP folder, be very, very careful about what you put there. Access controls (IP whitelist, password, et cetera) are important if you’re going to have sensitive data on there.
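
One way to put the access controls mentioned above in front of a /ftp-style download route, as an added example (not code from the original post or from Juice Shop). The allowlisted IPs, the user name, the fallback password and the function names are all hypothetical values constructed for this sketch; the middleware wrapper assumes an Express-style app, which Juice Shop is.

```javascript
// Added example: IP allowlist + HTTP Basic auth gate for a /ftp-style route.
// ALLOWED_IPS, FTP_USER and FTP_PASSWORD are constructed sample values.
const crypto = require('node:crypto');

const ALLOWED_IPS = new Set(['127.0.0.1', '10.0.0.5']);
const FTP_USER = 'docs';
const FTP_PASSWORD = process.env.FTP_PASSWORD || 'change-me-constructed-sample';

// Constant-time string comparison; hashing first equalises the buffer lengths.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Parse "Basic base64(user:pass)"; returns null when missing or malformed.
function parseBasicAuth(header) {
  if (typeof header !== 'string' || !header.startsWith('Basic ')) return null;
  const decoded = Buffer.from(header.slice(6), 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Returns the HTTP status to answer with: 200 means the file may be served.
function authorizeFtpRequest(remoteIp, authorizationHeader) {
  const ip = String(remoteIp).replace(/^::ffff:/, ''); // IPv4-mapped IPv6 form
  if (!ALLOWED_IPS.has(ip)) return 403;
  const creds = parseBasicAuth(authorizationHeader);
  if (!creds) return 401;
  // Bitwise & (not &&) so both comparisons always run.
  const ok = safeEqual(creds.user, FTP_USER) & safeEqual(creds.pass, FTP_PASSWORD);
  return ok ? 200 : 401;
}

// Express-style middleware: mount it before the handler that serves /ftp.
function ftpGate(req, res, next) {
  const status = authorizeFtpRequest(req.socket.remoteAddress, req.headers.authorization);
  if (status === 200) return next();
  if (status === 401) res.setHeader('WWW-Authenticate', 'Basic realm="ftp"');
  res.statusCode = status;
  res.end();
}
```

Basic auth sends the credentials with every request, so a gate like this only makes sense over HTTPS.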

Lessons Learned and Things Worth Mentioning: 

  1. Nothing, really.
