Disclaimer: In this video, I do not teach any way to do evil, but I made this to help friends in learning ethical hacking. This is for nothing but educational purposes. "Hacking without permission is illegal."
==========================================================
Vulnerability: Sensitive Information Disclosure
Severity: High
Description: Sensitive Information Disclosure. I found this because there was an error in the error message given by the server, exposing several sensitive mechanisms such as the full webroot path, PHP configuration files, the framework used, and several other PHP vendor files that could be manipulated by attackers.
Impact:
- Exposed configuration files can provide sensitive information that allows attackers to gain further access to the system.
- Detailed stack trace errors in the output can expose sensitive information about the application structure, including file names, directory paths, and frameworks used. Attackers can use this to carry out more specific attacks such as path traversal or remote code execution.
- The error occurred because the code accessed properties of an object that does not exist (null). In another scenario, if any input from the user is not properly verified and is used directly without validation, this could open the door to IDOR (Insecure Direct Object Reference) or SQL Injection attacks. Attackers can modify a given ID to try to access other companies' data or other sensitive data.
- If endpoints accept a company ID as a parameter without sufficient validation, an attacker could try to manipulate the ID to access or modify other companies' data (IDOR). Attackers can change the ID in the URL and see if they can access company data that doesn't belong to them.
Remediation:
- Use production settings that disable error reporting and display more general (generic) error messages. Laravel has a configuration to handle this in the .env file:
  APP_ENV=production
  APP_DEBUG=false
- Validate user input well before using it in queries. Use prepared statements or an ORM to prevent SQL Injection.
- Ensure authorization is performed for every action involving user data. For example, if a user is only allowed to access their company data, add an authorization layer to ensure only authorized data can be accessed.
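One way to verify the first remediation item, as an added example that is not from the video or the affected application: a Python check that audits a Laravel .env for the two settings above and scans an error response body for the leak classes named in the description. The function names, regex patterns and sample strings are assumptions constructed for illustration.

```python
import re

# Markers for the leak classes named in the report (pattern choices are assumptions).
LEAK_PATTERNS = {
    "full_path": re.compile(r"(?:/[\w.-]+){2,}\.php|[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+\.php"),
    "framework_vendor": re.compile(r"vendor[/\\]laravel[/\\]framework", re.I),
    "stack_trace": re.compile(r"Stack trace|#\d+ .+\.php\(\d+\)", re.I),
    "null_property": re.compile(r"Attempt to read property|Trying to get property", re.I),
}

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, ignoring comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(text):
    """Return findings for the two settings the remediation names."""
    env = parse_env(text)
    findings = []
    if env.get("APP_ENV", "").lower() != "production":
        findings.append("APP_ENV is not 'production'")
    # A missing APP_DEBUG is flagged too, so the value is always explicit.
    if env.get("APP_DEBUG", "").lower() != "false":
        findings.append("APP_DEBUG is not 'false'")
    return findings

def scan_error_body(body):
    """Return the sorted leak classes present in an HTTP error response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))

# Constructed samples, not taken from the video.
SAMPLE_ENV = "APP_NAME=demo\nAPP_ENV=local\nAPP_DEBUG=true\n"
SAMPLE_LEAKY = ('ErrorException: Attempt to read property "name" on null in '
                "/var/www/html/app/Http/Controllers/CompanyController.php:42\n"
                "#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54)")
SAMPLE_GENERIC = "<h1>500</h1><p>Server Error</p>"

if __name__ == "__main__":
    print(audit_env(SAMPLE_ENV))
    print(scan_error_body(SAMPLE_LEAKY))
    print(scan_error_body(SAMPLE_GENERIC))
```

Run the body scan against the error pages of your own deployment after the .env change; an empty result means none of these markers reached the client.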
==========================================================