Identification of Sensitive Information#
Concept of Sensitive Information#
- Legal perspective: Personal information that, once leaked or used illegally, can easily lead to the infringement of an individual's dignity or endanger personal and property safety.
- Broader perspective: Any information that can be exploited is referred to as sensitive information.
Classification of Sensitive Information#
Corporate Sensitive Information#
Different companies have varying definitions of sensitive information, and their standards for assessing harm also differ.
(1) Logistics Industry
Order information is defined as high-risk and serious, for example, SF Express's core business is the order management system.
(2) Rental and Real Estate Platforms
House design blueprints and rental contracts are considered sensitive information.
(3) Insurance Platforms
Policy data and customer data are classified as sensitive content.
And so on.
When exploring vulnerabilities, we need to pay special attention to the industry to which the company belongs and what types of corporate sensitive information may exist.
User Sensitive Information#
User sensitive information typically includes names, phone numbers, email addresses, ID numbers, etc. (also referred to as citizen N elements).
Generally speaking, when this information appears in combination and exceeds 10 entries, it constitutes a data leak.
Common points of user information leakage include communities, leaderboards, comments, etc. In short, any place that loads other users' information may have the potential for information leakage
!
Why? Because some interfaces may only hide content on the front end, but the user's other personal information can be seen in the data packet, and no data parameter encryption has been applied.
In this case, we can obtain sensitive information simply by accessing the functional pages of the website!
User sensitive information leakage is also common in unauthorized access to query interfaces.
Keywords: info list getxxinfo getxxcomment
Controllable parameters: id pageNo pageSize
Site Sensitive Information#
I personally define this type of information leakage as traditional information leakage, which refers to sensitive files or directories that may exist on the site.
Common sensitive files or directories include:
robots.txt
crossdomain.xml (cross-domain policy file)
sitemap.xml
test files
website backup files (.rar, .zip, .7z, .tar, .gz, .bak)
DS_Store files, etc. (similar to CTF source code leakage)
WEB-INF/web.xml files
backend directories
website installation directories
website upload directories
MySQL management pages
phpinfo
website text editors
The discovery of sensitive files and directories is generally done using tools and scripts, such as Lighthouse, BBscan, etc.
Sensitive Information from Other Open Source Platforms#
I define this type of information leakage as social engineering information leakage, which arises from companies not adequately protecting information on relevant third-party platforms. Here are some common leakage points:
- Yuque Public Knowledge Base
Yuque is a knowledge management tool that companies may use to store and share sensitive documents. If permissions are not set correctly or sharing links are made public, sensitive information may be leaked. However, after several rounds of rectification, the sensitive information that can be found here has decreased significantly.
Keywords: server 123456 student ID
-
Cloud Storage Search
Cloud storage search engines may index files containing sensitive information or website source code, and this type of information collection is almost mystical. -
Github
Github is an open-source code hosting platform where developers may sometimes accidentally submit sensitive information (such as API keys, passwords, etc.) to repositories. This information may be exploited by malicious users, posing security risks.
Postscript#
This article shares my understanding of sensitive information and common functional points of information leakage. More advanced exploration methods, such as JS interface utilization and privilege escalation, will be shared in future posts!