ITZone

Information disclosure vulnerabilities (part 4)

IV. The impact of information disclosure vulnerabilities

1. The dangers it brings

Revealing sensitive information often creates the premise for an attacker to exploit other vulnerabilities. For example, sensitive details leaked in an error message can be a sign of vulnerabilities such as SQL Injection, Server-side Template Injection, etc. For an exposed part of the source code, an attacker can look for exploitable flaws directly in the code, or build a deserialization attack, etc. Exposed operating system and technology versions help attackers find CVEs (Common Vulnerabilities and Exposures) that apply to that exact version.

2. The role of information gathering in Penetration Testing

Pentest, short for penetration testing, is a way of assessing the security of an IT system through realistic simulated attacks. There is an old saying: “Know the enemy and know yourself, and you will win a hundred battles”. The information gathering stage plays a very important role in the pentest process (especially in black-box pentests, where there is no prior information about the target).

During this phase, the pentester gathers all the necessary information about the target. The more information is collected, the better the target is understood. From there, a reasonable and comprehensive attack strategy and plan can be built, reducing time and saving effort.

V. Some tools to help find information disclosure vulnerabilities

Disclosure vulnerabilities can appear anywhere and vary widely. Searching only by hand makes it difficult to collect all the necessary information, so manual search should be combined with a number of supporting tools. The tools introduced here each have their own advantages and disadvantages; depending on your preferences and habits, you can choose the one that suits you best.

1. Google Chrome Wappalyzer Extension

Wappalyzer is a browser extension that detects the technologies a website uses, for example the CMS the site is running, frameworks, e-commerce platforms, JavaScript libraries, etc.

Besides Wappalyzer, there are many other extensions you can discover by yourself.

2. Some supporting features in Burp Suite

Some features and tools in Burp Suite help find sensitive information, such as:

  • Search feature (in Repeater): search responses for sensitive keywords such as SQL, Select, template, invalid, …

  • Find comments feature (in the Target tab): shows all HTML comments found in responses.

  • Discover content tool (in Engagement tools): right-click, select Engagement tools and then Discover content; this tool scans the directories of the website being targeted.
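
Burp's search and "find comments" features boil down to pattern matching over response headers and bodies. The following checker, added here as an example and not part of the original article or of Burp Suite, applies the same idea to a pair of constructed sample responses: it flags version numbers in common server headers, HTML comments left in the page, well-known database error fragments, and the keywords the article lists. The response contents, header names beyond the standard `Server`/`X-Powered-By`/`X-AspNet-Version`, and the error-marker regex are assumptions chosen for the demonstration.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    kind: str
    evidence: str


# Keywords the article suggests searching for in Burp Repeater, matched
# case-insensitively against the response body.
KEYWORDS = ["SQL", "Select", "template", "invalid"]

# Well-known database error fragments that point at injection-prone code
# (assumed list for this example; extend it for the stacks you run).
DB_ERROR_MARKERS = re.compile(
    r"SQL syntax|SQLSTATE\[|ORA-\d{5}|sqlite3\.OperationalError|"
    r"Unclosed quotation mark",
    re.I,
)
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)

# Headers that commonly carry a product version. A bare product name
# (e.g. "Server: nginx") is not flagged, only a name with a version number.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_NUMBER = re.compile(r"\d+(?:\.\d+)+")


def inspect_response(path, headers, body):
    """Return the disclosure indicators found in one HTTP response."""
    findings = []
    lowered_headers = {k.lower(): v for k, v in headers.items()}
    for name in VERSION_HEADERS:
        value = lowered_headers.get(name)
        if value and VERSION_NUMBER.search(value):
            findings.append(Finding(path, "version_header", f"{name}: {value}"))
    for comment in HTML_COMMENT.findall(body):
        findings.append(Finding(path, "html_comment", comment.strip()[:80]))
    match = DB_ERROR_MARKERS.search(body)
    if match:
        findings.append(Finding(path, "db_error", match.group(0)))
    lowered_body = body.lower()
    for keyword in KEYWORDS:
        if keyword.lower() in lowered_body:
            findings.append(Finding(path, "keyword", keyword))
    return findings


def summarize(responses):
    """Map each path to the sorted set of finding kinds it produced."""
    return {
        path: sorted({f.kind for f in inspect_response(path, headers, body)})
        for path, (headers, body) in responses.items()
    }


# Constructed sample responses; not captured from any real site.
SAMPLE_RESPONSES = {
    "/search?q=test'": (
        {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
        "<html><!-- debug output enabled for staging build 2.3.1 --><body>"
        "You have an error in your SQL syntax; check the manual that corresponds "
        "to your MySQL server version</body></html>",
    ),
    "/": (
        {"Server": "nginx"},
        "<html><body>Welcome</body></html>",
    ),
}

if __name__ == "__main__":
    for path, kinds in summarize(SAMPLE_RESPONSES).items():
        print(path, kinds or "clean")
```

Run against your own application's responses during a review, the output is a list of pages that hand out more than they should; the keyword matches are the noisiest and are meant to be read by a human, exactly as Burp's search results are.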

3. Some other software and scanning tools

Among scanners and information-gathering software, there are tools such as Nessus, Nuclei, Screaming Frog, etc.

For directory scanning, typical tools such as Dirsearch or Gobuster scan based on diverse directory wordlists, etc.

VI. Preventing information disclosure

  • First of all, application developers need to distinguish between normal information and sensitive information.
  • Take care to set strict permissions for each user’s role.
  • Do not reveal backup files, sensitive paths.
  • Programmers need to handle possible exceptions well.
  • Keep the technologies in use updated to their latest versions.
  • Regularly inspect and review products.
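
The point about handling exceptions well is easiest to see side by side. Below is an added example, not code from the original article: a leaky handler that forwards the exception text and stack trace to the client, next to a hardened handler that returns only a generic message plus a correlation id and writes the details to the server-side log. The `run_query` backend and its error text are constructed stand-ins for a real database driver, and `leaks_internal_detail` is a hypothetical helper used only to check the two responses.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")


class QueryError(Exception):
    """Constructed stand-in for a database driver exception."""


def run_query(user_input):
    # Constructed backend: fails on a single quote the way a driver would
    # when input reaches a query unsafely. The real fix for that is
    # parameterised queries; this example only shows the error handling.
    if "'" in user_input:
        raise QueryError(f"You have an error in your SQL syntax near '{user_input}'")
    return {"results": []}


def handle_verbose(user_input):
    """Leaky handler: returns the exception text and stack trace to the client."""
    try:
        return 200, run_query(user_input)
    except Exception as exc:
        return 500, {"error": str(exc), "trace": traceback.format_exc()}


def handle_hardened(user_input):
    """Hardened handler: a generic message for the client, full details in the
    server-side log, linked by a correlation id the user can quote to support."""
    try:
        return 200, run_query(user_input)
    except Exception:
        incident_id = uuid.uuid4().hex[:12]
        # log.exception records the stack trace server-side only.
        log.exception("request failed, incident_id=%s", incident_id)
        return 500, {"error": "Internal server error", "incident_id": incident_id}


def leaks_internal_detail(response_body):
    """Check a response body for error fragments that should never leave the server."""
    text = str(response_body)
    return "SQL syntax" in text or "Traceback" in text


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("verbose :", handle_verbose("a'")[1])
    print("hardened:", handle_hardened("a'")[1])
```

The hardened version still lets an operator find the root cause: the incident id in the client response matches the one in the log entry, so nothing is lost except the exposure. The log itself now holds the sensitive detail and needs the same access restrictions the list above asks for.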
