By | September 3, 2021

In this article, we explain OWASP Sensitive Data Exposure through a Sensitive Data Exposure example. All of this is for educational purposes.

For the practical part we use OWASP Juice Shop. We have already covered DVWA, bWAPP and XVWA; OWASP Juice Shop is a similar practice platform.

We also show how to install OWASP Juice Shop, and then walk through the Sensitive Data Exposure example by solving two labs.

Note: This article is for educational purposes only. Don’t misuse your knowledge and skills.

What is OWASP Sensitive Data Exposure?

Before going into the practical part, you should know what Sensitive Data Exposure is, and first of all you should know how to use OWASP Juice Shop.

As the name suggests, if you are able to see the sensitive data of a website or its users in plain text in any way, that is called an OWASP Sensitive Data Exposure vulnerability.


For example, if on websites like Amazon or Flipkart you are able to see users' personal information in plain text, such as their names, mobile numbers and credit card information, that is Sensitive Data Exposure.

In the same way, if you are able to see the sensitive data of the website itself, it is still called a Sensitive Data Exposure vulnerability. The question now is how a Sensitive Data Exposure bug can be found.

This can be done in many ways, such as exploiting, changing the response, or making changes to the request. It all depends on the bug hunter and how he is able to see a website's sensitive data in plain text.

For example, if a website has SSL but you are able to open it even without SSL, you get all the data in plain text. This is also an OWASP Sensitive Data Exposure vulnerability: the website is not set to force SSL.
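Whether a site forces SSL can be decided from the responses it gives to the same path over http:// and https://. The check below is an added example, not code from the original article; the host `shop.example` and the response objects are constructed sample data, and the one-year HSTS threshold is an assumed policy.

```javascript
// Added example: classify whether a site forces SSL, given the response
// observed for a plain http:// request and the one observed over https://.
// Responses are plain objects: { status, headers } with lower-case header names.
const MIN_HSTS_SECONDS = 31536000; // assumed policy: one year

function parseHstsMaxAge(value) {
  // Strict-Transport-Security: max-age=<seconds>[; includeSubDomains][; preload]
  if (typeof value !== "string") return null;
  for (const part of value.split(";")) {
    const m = /^\s*max-age\s*=\s*"?(\d+)"?\s*$/i.exec(part);
    if (m) return Number(m[1]);
  }
  return null;
}

function checkForceSsl(host, httpResp, httpsResp) {
  const findings = [];
  const location = httpResp.headers["location"] || "";
  const isRedirect = [301, 302, 307, 308].includes(httpResp.status);
  let redirectsToHttps = false;
  if (isRedirect) {
    try {
      const target = new URL(location, `http://${host}/`);
      redirectsToHttps = target.protocol === "https:" && target.hostname === host;
    } catch (_) { /* an unparsable Location counts as no redirect */ }
  }
  if (!redirectsToHttps) {
    findings.push(httpResp.status === 200
      ? "plain HTTP serves content: data travels in plain text"
      : "plain HTTP is not redirected to HTTPS on the same host");
  }
  const maxAge = parseHstsMaxAge(httpsResp.headers["strict-transport-security"]);
  if (maxAge === null) findings.push("HTTPS response has no HSTS header");
  else if (maxAge < MIN_HSTS_SECONDS) findings.push(`HSTS max-age too short: ${maxAge}`);
  return { forced: findings.length === 0, findings };
}

// Constructed sample responses: one site without forced SSL, one with it.
const weak = checkForceSsl("shop.example",
  { status: 200, headers: {} },
  { status: 200, headers: {} });
const strong = checkForceSsl("shop.example",
  { status: 301, headers: { location: "https://shop.example/" } },
  { status: 200, headers: { "strict-transport-security": "max-age=63072000; includeSubDomains" } });
console.log(weak, strong);
```

A redirect alone still leaves the first plain-text request exposed, which is why the check also requires an HSTS header on the HTTPS response.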


How to Install OWASP Juice Shop?

Let us first see how to install OWASP Juice Shop. All the installation steps are already provided, but we go through them here as well.


As you can see in the image, you first have to install Node.js and npm. If you get any kind of error here, run the sudo apt-get update command once.


Installing all this takes some time; it took us 10-15 minutes. After that you can run OWASP Juice Shop with the npm start command, as you can see in the image.


After doing all this, open it in the browser and OWASP Juice Shop appears like this. You still have to find the Score Board, because only then can you access the labs.


You should really find the Score Board yourself from the JS files, but here we show it directly, as you can see in the URL; you have to do something like this too to open your Score Board. If any kind of error comes up, a link to a video is given here.

This is not our video, so don’t judge us.

Sensitive Data Exposure Example

Let us now explain OWASP Sensitive Data Exposure through a Sensitive Data Exposure example. We do this by solving two labs; once you have looked at them, you will know how sensitive data leaks.


As you can see in the image, we first solve the Confidential Document lab. For this you need Burp Suite; configuring Burp Suite has already been covered in many articles.


First go to the About Us page in the menu; on that page you get a link. Burp Suite must be running here so that every URL you visit appears in its history.

As you can see in the image, the URL is shown here in this way. Send this request to the Repeater; as explained before, you can do this by right-clicking.

As you can see in the image, you now send the request with some changes to the GET request. Here the request was sent with legal.md removed; after that, acquisitions.md is shown in the response.

After this you have to open this file. As you can see in the image, we sent the request with acquisitions.md added to the GET request, and you can check above that the Confidential Document lab is now solved.

Similarly, there is the Exposed Metrics lab. A link is given with it as well; first open that link, and you get another link, as you can see in the image.

As soon as you open the link, a URL like this is shown to you, but you can also access it directly by writing metrics in the URL, and the lab is solved.

As you can see in the image, information about Juice Shop is shown here as well. In this way you can solve both of these OWASP Sensitive Data Exposure labs.
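Both labs work because the server answers requests it should refuse: a request for the directory itself returns a listing, an unpublished file is served, and the metrics endpoint needs no credentials. The request gate below closes those three cases; it is an added example, not Juice Shop's own code, and the directory name `/docs/`, the allow-list and the token are assumptions chosen for illustration.

```javascript
// Added example, not Juice Shop's code. Directory, allow-list and token are assumed.
const PUBLIC_DIR = "/docs/";                  // hypothetical download directory
const PUBLIC_FILES = new Set(["legal.md"]);   // the only file meant for visitors
const METRICS_TOKEN = "constructed-sample-token"; // in practice: from a secret store

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

const deny = (status, reason) => ({ allow: false, status, reason });

// req has the shape of Node's http.IncomingMessage: { url, headers }.
function gate(req) {
  let path;
  try {
    path = decodeURIComponent(req.url.split("?")[0]).replace(/\/{2,}/g, "/");
  } catch (_) {
    return deny(400, "malformed URL encoding");
  }
  const lower = path.toLowerCase();
  // Exposed Metrics: the endpoint answers only to an authenticated scraper.
  if (lower.replace(/\/$/, "") === "/metrics") {
    const auth = req.headers["authorization"] || "";
    const ok = auth.startsWith("Bearer ") &&
      constantTimeEqual(auth.slice(7), METRICS_TOKEN);
    return ok ? { allow: true, reason: "authenticated metrics scrape" }
              : deny(401, "metrics require a bearer token");
  }
  // Confidential Document: no directory listing, and only allow-listed files.
  if (lower + "/" === PUBLIC_DIR || lower.startsWith(PUBLIC_DIR)) {
    const name = path.slice(PUBLIC_DIR.length);
    if (name === "") return deny(403, "directory listing disabled");
    if (!PUBLIC_FILES.has(name)) return deny(404, "not a published file");
    return { allow: true, reason: "serve " + name };
  }
  return { allow: true, reason: "pass to application routes" };
}

// Constructed sample requests, mirroring the steps in the two labs.
for (const url of ["/docs/legal.md", "/docs/", "/docs/acquisitions.md", "/metrics"]) {
  console.log(url, gate({ url, headers: {} }));
}
```

The allow-list is only a second layer: confidential documents should not be stored under a web-served directory in the first place.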

The Conclusion

We hope that you now know about OWASP Sensitive Data Exposure. We have explained it here through a Sensitive Data Exposure example, and we have also shown how to install OWASP Juice Shop.

We have explained it by solving two OWASP Sensitive Data Exposure labs. All of this is meant to help you understand; do not misuse it in any way. If you find a Sensitive Data Exposure vulnerability, you can report it in this way.

If you have any question about OWASP Sensitive Data Exposure, or any other kind of question, you can ask in the comment section and you will be fully helped. You can also read the other articles related to bug hunting here.

You can join our Telegram or WhatsApp group for learning. Live classes are held there daily at 8:30 pm.


Thank you
