I am able to see users' sensitive data through a JSON file.
Hey guys, it's my first simple writeup, so just ignore the grammar mistakes and enjoy it.
In the current marketplace, many web applications and websites use the JSON file format to exchange data.
What is a JSON file?
A JSON file is a file that stores simple data structures and objects in
It is primarily used for transmitting data between a web application and a server.
The Vulnerability:
Sometimes the JSON format is used to retrieve data from the server (using the GET method) for authentication and many other purposes.
I am going to explain this vulnerability with two scenarios.
So I was trying to find vulnerabilities in target.com and tried almost all the ways to exploit any vulnerability. But I failed, so I just started looking through all of its files and pages.
Then I saw that target.com has an option to create or invite users with a username and password. I just created one.
When we add or configure a user in the domain, it stores that information on the server using a JSON file, and when I inspected that particular file I saw that the JSON file was leaking information related to the added user.
I thought it was showing the information because I was logged in, but when I logged out it was still showing the information, including the password. There is no problem if the password is visible in the request parameters, but here it is visible in the response, and that is the issue.
Steps to reproduce:
Instead of Burp Suite, I used Mozilla's inspector to verify the vulnerability.
1: Open the website inspector.
2: Add the user, then look at the JSON file which has the ID as its name.
3: Check the information, like cookies, parameters and the response.
4: In the response there is data leakage (password, username, id).
See the image: in it there is the GET request that the JSON file uses to retrieve the data.
I reported the bug to the program on Bugcrowd.
They changed it from P3 to P4,
and I got a reward.
In the second scenario there is another target.com. When I went to the account details page,
lots of data related to the user was leaking, like the username, the password in encrypted form, address and contact details.
Follow the same steps on the profile page and you get details like this.
So it was a cool bug and it's super easy.
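Both scenarios above come down to the same server-side mistake: the whole stored user record is serialized into the JSON response, so the password field (and, in the second scenario, the nested contact details) travel to the client along with the public fields. The following is an added example, not code from the original writeup or from either target: it shows the leaking serializer beside an allowlist-based one, plus a small scanner a developer or tester can run over any captured JSON response to flag sensitive keys before they ship. The field names, the SAMPLE_USER record and the key list are constructed for the example.

```python
import json
from typing import Any

# Key names that should never appear in a JSON response sent to a client
# (constructed list for this example; extend it to fit the application).
SENSITIVE_KEYS = {"password", "passwd", "password_hash", "secret", "token", "api_key"}

# Fields a client actually needs from a user record. An allowlist means a
# new column added to the user table never becomes a new leak by default.
USER_PUBLIC_FIELDS = ("id", "username", "display_name")


def serialize_user_unsafe(user: dict) -> str:
    """The leaking pattern from the writeup: the stored record is returned as-is."""
    return json.dumps(user)


def serialize_user(user: dict) -> str:
    """Hardened form: only allowlisted fields reach the response."""
    return json.dumps({k: user[k] for k in USER_PUBLIC_FIELDS if k in user})


def find_sensitive_fields(doc: Any, path: str = "$") -> list[str]:
    """Walk a parsed JSON document and return JSONPath-style locations of
    sensitive keys, including keys nested inside objects and arrays."""
    hits: list[str] = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            if key.lower() in SENSITIVE_KEYS:
                hits.append(f"{path}.{key}")
            hits.extend(find_sensitive_fields(value, f"{path}.{key}"))
    elif isinstance(doc, list):
        for i, item in enumerate(doc):
            hits.extend(find_sensitive_fields(item, f"{path}[{i}]"))
    return hits


def audit_response(body: str) -> list[str]:
    """Check a raw JSON response body (e.g. copied from the browser inspector)."""
    return find_sensitive_fields(json.loads(body))


# Constructed sample record, like the invited user in the writeup: the stored
# password (a placeholder hash here) sits beside the public fields.
SAMPLE_USER = {
    "id": 42,
    "username": "invited-user",
    "display_name": "Invited User",
    "password": "$2b$12$PLACEHOLDER_HASH",
    "contact": {"email": "user@example.com", "api_key": "PLACEHOLDER_KEY"},
}

if __name__ == "__main__":
    print(audit_response(serialize_user_unsafe(SAMPLE_USER)))  # flags two paths
    print(audit_response(serialize_user(SAMPLE_USER)))         # prints []
```

The scanner is equally useful on the testing side: paste the response body seen in the inspector into `audit_response` and it lists exactly which fields should not have been there.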
Suggestions are most welcome, as always.
I will keep posting my findings. If you got anything from it,
you can press the clap icon below, and don't forget to follow me on LinkedIn and Twitter as well.
See you all next time. :)