Hacking OWASP’s Juice Shop Pt. 65: Email Leak

Challenge: 

Name: Email Leak

Description: Perform an unwanted information disclosure by accessing data cross-domain.

Difficulty: 5 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

Burp Suite, FoxyProxy

Resources used:

Solution Guide https://pwning.owasp-juice.shop/appendix/solutions.html

Methodology: 

The expanded description for this challenge did nothing but highlight my inexperience with web development, so I jumped straight to the solution and then spent a day learning more about APIs. After all, what’s the point of copy/pasting the solution without learning why it solved the challenge?

 

Screenshot: browser at localhost:3000/rest/user/whoami?callback=anyname, showing the response:

/**/ typeof anyname === 'function' … {"id":2,"email":"jim@juice-sh.op","lastLog…

The asynchronous API callback returns the user information of users who are logged into the system at that time.

You successfully solved a challenge: Email Leak (Perform an unwanted information disclosure by accessing data cross-domain.)
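Why the callback parameter makes this a cross-domain disclosure, as an added example that is not Juice Shop's own code: the first handler models the script-wrapped response seen above, the second ignores callback and returns plain JSON, and isScriptReadable is a check that can be run over captured responses. The function names and the sample user are constructed for illustration.

```javascript
// Added example, not Juice Shop source. Names and the sample user are constructed.
const sessionUser = { id: 2, email: 'user@example.test' };

// Weak: honours ?callback= and wraps the session user's data in executable script.
// Script includes are not bound by the same-origin policy, so another origin can
// load this URL while the browser attaches the logged-in user's cookie.
function whoamiJsonp(query, user) {
  const json = JSON.stringify({ user });
  if (typeof query.callback === 'string') {
    const cb = query.callback.replace(/[^\w$.[\]]/g, ''); // keep identifier characters only
    return {
      headers: { 'Content-Type': 'text/javascript; charset=utf-8' },
      body: `/**/ typeof ${cb} === 'function' && ${cb}(${json});`,
    };
  }
  return { headers: { 'Content-Type': 'application/json; charset=utf-8' }, body: json };
}

// Hardened: ignores callback entirely. A JSON MIME type plus nosniff means the
// browser refuses to execute the body when it is requested as a script.
function whoamiJsonOnly(_query, user) {
  return {
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: JSON.stringify({ user }),
  };
}

// Audit check: is this response in a form a cross-origin script include can read?
function isScriptReadable(res) {
  const type = (res.headers['Content-Type'] || '').toLowerCase();
  const scriptType = /(java|ecma)script/.test(type);
  const wrapped = /^\s*(\/\*.*?\*\/)?\s*(typeof\s+[\w$.[\]]+\s*===\s*'function'\s*&&\s*)?[\w$.[\]]+\s*\(/
    .test(res.body);
  return scriptType || wrapped;
}

// Same request against both handlers.
for (const [name, handler] of [['jsonp', whoamiJsonp], ['json-only', whoamiJsonOnly]]) {
  const res = handler({ callback: 'anyname' }, sessionUser);
  console.log(name, isScriptReadable(res), res.body);
}
```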

Lessons Learned and Things Worth Mentioning: 

  1. If admin and Jim are both logged in, and the admin Authorization and Token JWT fields are swapped out for Jim’s JWT, you can capture all of the user data from the rest/user/authentication-details endpoint in JSON format.
  2. I’d never seen “callback” before, so this challenge led to quite a bit of reading so that I could understand its purpose.
