言心吾

言心吾のBlog

My words are the voice of my heart
SRC Mining of Sensitive Information Leakage

Identification of Sensitive Information

Concept of Sensitive Information

  • Legal perspective: Personal information that, once leaked or used illegally, can easily lead to the infringement of an individual's dignity or endanger personal and property safety.
  • Broader perspective: Any information that can be exploited is referred to as sensitive information.

Classification of Sensitive Information

Corporate Sensitive Information

Different companies have varying definitions of sensitive information, and their standards for assessing harm also differ.

(1) Logistics Industry
Order information is rated high-risk or critical; for example, SF Express's core business is its order management system.

(2) Rental and Real Estate Platforms
House design blueprints and rental contracts are considered sensitive information.

(3) Insurance Platforms
Policy data and customer data are classified as sensitive content.

And so on.

When exploring vulnerabilities, we need to pay special attention to the industry to which the company belongs and what types of corporate sensitive information may exist.

User Sensitive Information

User sensitive information typically includes names, phone numbers, email addresses, ID numbers, etc. (collectively referred to as the citizen "N elements").
Generally speaking, when these fields appear in combination and more than 10 entries can be obtained, it constitutes a data leak.

Common points of user information leakage include communities, leaderboards, comments, etc. In short, any place that loads other users' information may have the potential for information leakage!

Why? Because some interfaces only hide the content on the front end: the user's other personal fields are still present in the response data, and no encryption or masking has been applied to those parameters.
In this case, sensitive information can be obtained simply by visiting the functional pages of the website and reading the responses they load.

User sensitive information leakage is also common in unauthorized access to query interfaces.
Keywords: info, list, getxxinfo, getxxcomment
Controllable parameters: id, pageNo, pageSize
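An added example (not from the original post) of the failure mode described above and its fix, in Python: a profile query whose response carries every column, beside a hardened version that authorises the controllable id, serialises only whitelisted fields with server-side masking, and clamps pageSize. The record fields, the masking rules and the page-size cap are assumptions chosen for illustration.

```python
import re
# Constructed sample records (not real data): the "citizen elements" named in the post.
USERS = {
    1: {"id": 1, "name": "Alice Zhang", "phone": "13800001111",
        "email": "alice@example.com", "id_card": "110101199001011234"},
    2: {"id": 2, "name": "Bob Li", "phone": "13900002222",
        "email": "bob@example.com", "id_card": "310101198505055678"},
}
PUBLIC_FIELDS = ("id", "name")  # assumed: all a comment or leaderboard card needs
MAX_PAGE_SIZE = 20              # assumed cap on the controllable pageSize

def leaky_get_user(user_id: int) -> dict:
    """'Before': front end hides phone/id_card, but the response carries every column."""
    return dict(USERS[user_id])

def mask_phone(phone: str) -> str:
    return phone[:3] + "****" + phone[-4:]

def mask_id_card(id_card: str) -> str:
    return id_card[:6] + "********" + id_card[-4:]

def hardened_get_user(user_id: int, caller_id: int) -> dict:
    """'After': authorise the controllable `id`, whitelist fields, mask server-side."""
    record = USERS.get(user_id)
    if record is None:
        raise KeyError("no such user")
    view = {k: record[k] for k in PUBLIC_FIELDS}
    if caller_id != user_id:          # another user's card: public fields only
        return view
    view["phone"] = mask_phone(record["phone"])        # owner sees masked contact data
    view["id_card"] = mask_id_card(record["id_card"])
    return view

def hardened_list_users(page_no: int, page_size: int, caller_id: int) -> list:
    """Listing endpoint: clamp pageSize so one request cannot dump the table."""
    if page_no < 1 or page_size < 1:
        raise ValueError("bad paging parameters")
    page_size = min(page_size, MAX_PAGE_SIZE)
    ids = sorted(USERS)[(page_no - 1) * page_size: page_no * page_size]
    return [hardened_get_user(i, caller_id) for i in ids]

def leaked_fields(response: dict) -> set:
    """Flag unmasked identifiers in a captured response (check before/after the fix)."""
    found = set()
    if re.fullmatch(r"1\d{10}", str(response.get("phone", ""))):
        found.add("phone")
    if re.fullmatch(r"\d{17}[\dXx]", str(response.get("id_card", ""))):
        found.add("id_card")
    return found
```

Running `leaked_fields` over the 'before' and 'after' responses is the quick regression check: the leaky handler exposes the full phone number and ID number, the hardened one exposes neither.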

Site Sensitive Information

I personally define this type of information leakage as traditional information leakage, which refers to sensitive files or directories that may exist on the site.

Common sensitive files or directories include:

  • robots.txt
  • crossdomain.xml (cross-domain policy file)
  • sitemap.xml
  • test files
  • website backup files (.rar, .zip, .7z, .tar, .gz, .bak)
  • .DS_Store files, etc. (similar to CTF source code leakage)
  • WEB-INF/web.xml files
  • backend directories
  • website installation directories
  • website upload directories
  • MySQL management pages
  • phpinfo
  • website text editors

The discovery of sensitive files and directories is generally done using tools and scripts, such as Lighthouse, BBscan, etc.

Sensitive Information from Other Open Source Platforms

I define this type of information leakage as social engineering information leakage, which arises from companies not adequately protecting information on relevant third-party platforms. Here are some common leakage points:

  • Yuque Public Knowledge Base
    Yuque is a knowledge management tool that companies may use to store and share sensitive documents. If permissions are not set correctly or sharing links are made public, sensitive information may be leaked. However, after several rounds of rectification, the sensitive information that can be found here has decreased significantly.
    Keywords: server, 123456, student ID

  • Cloud Storage Search
    Cloud storage search engines may index files containing sensitive information or website source code; this type of information collection is largely a matter of luck.

  • Github
    Github is an open-source code hosting platform where developers sometimes accidentally commit sensitive information (such as API keys, passwords, etc.) to repositories. This information may be exploited by malicious users, posing security risks.

Postscript

This article shares my understanding of sensitive information and common functional points of information leakage. More advanced exploration methods, such as JS interface utilization and privilege escalation, will be shared in future posts!
