Identifying Sensitive Information
Concept of Sensitive Information
- Legal perspective: Personal information that, once leaked or used illegally, is likely to infringe upon the dignity of natural persons or endanger their personal or property safety.
- Broader perspective: any information that can be exploited by an attacker counts as sensitive information.
Classification of Sensitive Information
Corporate Sensitive Information
Different companies have varying definitions of sensitive information, and their standards for assessing harm also differ.
(1) Logistics Industry
Order information is rated high-risk and severe; for example, SF Express's core business is its order management system.
(2) Rental and Real Estate Platforms
House design blueprints and rental contracts are considered sensitive information.
(3) Insurance Platforms
Policy data and customer data are classified as sensitive content.
And so on.
When hunting for vulnerabilities, pay particular attention to which industry the target company belongs to and what kinds of corporate sensitive information it is likely to hold.
User Sensitive Information
User sensitive information typically includes name, phone number, email, ID number, etc. (also referred to as the citizen N elements).
Generally, when these fields appear in combination and more than 10 such items are exposed, it constitutes an information leak.
Common points of user information leakage include communities, leaderboards, comments, and so on. In short, any place that loads other users' information may leak it!
Why? Because some interfaces hide fields only on the front end: the user's other personal information is still present in the response packet, and no encryption has been applied to the data parameters.
In that case, sensitive information can be obtained simply by browsing the site's functional pages!
User sensitive information leakage is also commonly found in unauthorized access to query-type interfaces.
Keywords: info, list, getxxinfo, getxxcomment
Controllable parameters: id, pageNo, pageSize
Site Sensitive Information
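The front-end-only hiding problem described above, shown as an added example that is not from the original post: a comment API that serialises the whole user record beside a hardened version that allowlists fields and masks the phone number, plus a response check a gateway or log review could run. The record, field names and regex patterns are constructed assumptions.

```python
import json
import re

# Constructed sample record, as an application might load it from its database.
USER_RECORD = {
    "id": 1001,
    "nickname": "xiaoming",
    "realName": "Zhang San",
    "phone": "13812345678",
    "email": "zhangsan@example.com",
    "idNumber": "110101199001011234",
    "avatar": "/img/1001.png",
    "comment": "Great product!",
}

# Vulnerable pattern: serialise the whole record and rely on the front end
# to hide the fields it does not render. The packet still carries everything.
def comment_api_vulnerable(record):
    return json.dumps(record)

# Hardened pattern: serialise only an explicit allowlist of public fields,
# and mask any contact field that must be displayed at all.
PUBLIC_FIELDS = ("id", "nickname", "avatar", "comment")

def mask_phone(phone):
    # Keep the first 3 and last 4 digits of an 11-digit mobile number.
    return phone[:3] + "****" + phone[-4:] if len(phone) == 11 else "***"

def comment_api_hardened(record):
    out = {k: record[k] for k in PUBLIC_FIELDS if k in record}
    out["phone"] = mask_phone(record["phone"])  # 138****5678
    return json.dumps(out)

# Detection: patterns for unmasked PRC mobile numbers, 18-digit ID numbers
# and e-mail addresses, applied to a response body before it leaves the site.
PII_PATTERNS = {
    "phone": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "id_number": re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
}

def find_unmasked_pii(body):
    """Return the kinds of PII that appear unmasked in a response body."""
    return sorted(kind for kind, pat in PII_PATTERNS.items() if pat.search(body))

if __name__ == "__main__":
    print(find_unmasked_pii(comment_api_vulnerable(USER_RECORD)))  # ['email', 'id_number', 'phone']
    print(find_unmasked_pii(comment_api_hardened(USER_RECORD)))    # []
```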
I personally classify this kind of leakage as traditional information leakage: sensitive files or directories that may exist on the site itself.
Common sensitive files or directories include:
- robots.txt
- crossdomain.xml (cross-domain policy file)
- sitemap.xml
- test files
- website backup files (.rar, .zip, .7z, .tar, .gz, .bak)
- .DS_Store files, etc. (similar to CTF source code leakage)
- WEB-INF/web.xml files
- backend directories
- website installation directories
- website upload directories
- MySQL management pages
- phpinfo
- website text editors
Sensitive files and directories are generally discovered with tools and scripts such as Lighthouse and BBscan.
Sensitive Information from Other Open Source Platforms
I classify this kind of leakage as social engineering information leakage: it arises from companies not adequately protecting their information on third-party platforms. Some common leakage points:
- Yuque Public Knowledge Base
Yuque is a knowledge management tool that companies may use to store and share sensitive documents. If permissions are set improperly or share links are made public, sensitive information may be leaked. However, after several rounds of clean-up, the amount of sensitive information that can still be found there has decreased significantly.
Keywords: server, 123456, student ID
- Cloud Storage Search
Cloud storage search engines may index files containing sensitive information or source code from websites; this kind of collection is largely a matter of luck.
- GitHub
GitHub is an open-source code hosting platform where developers sometimes accidentally commit sensitive information (API keys, passwords, etc.) to repositories. Such information may be exploited by malicious users and poses a security risk.
Postscript
This article shares my understanding of sensitive information and the common functional points where it leaks. More advanced discovery methods, such as mining interfaces from JS files and checking for unauthorized access, will be shared in future posts!