Hello fellow researchers, I hope you are doing well and taking care of your health in this pandemic situation. My name is Mosin Khan. In this write-up I will tell you how I saw sensitive information on a reset password page. I don't have permission to disclose target information, so let's call it example.com.
It was a normal website. To create an account it required a unique Username. I registered it successfully.
I visited the forgot password page. I clicked on forgot password and noticed that this website's password reset functionality was based on the username, which was being used to fetch the email address and send the link. We don't need to check the link, because our topic is sensitive data exposure.
As shown in the above screenshot, we captured the request with Burp Suite, which showed a POST request being sent to the server along with the following account details:
Name of the registered user
As the above analysis shows, the above-mentioned sensitive details about the user were being sent unnecessarily, causing sensitive data to be exposed.
You can change the username and very easily get sensitive data such as the mobile number and email of another user.
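The remedy for the behaviour described above is to resolve the username to an email address on the server and return nothing about the account in the response. The following is an added example, not code from the original post or the target site; the in-memory user store, the handler names and all sample values are hypothetical and constructed. It contrasts the leaking handler with a hardened one and adds a regression check that scans responses for stored account fields.

```python
import json
import secrets

# Constructed sample accounts; all values are made up for this example.
USERS = {
    "alice": {"name": "Alice Example", "email": "alice@example.com", "mobile": "+10000000001"},
    "bob": {"name": "Bob Example", "email": "bob@example.com", "mobile": "+10000000002"},
}
OUTBOX = []  # stands in for the mail queue; reset links go here, never into the HTTP response

GENERIC = {"status": "ok", "message": "If the account exists, a reset link has been sent."}


def reset_vulnerable(username):
    """Behaviour described in the write-up: the account record rides along in the response."""
    user = USERS.get(username)
    if user is None:
        return {"status": "error", "message": "unknown user"}
    return {"status": "ok", "username": username, **user}


def reset_hardened(username):
    """Look up the address server-side and return the same body for every username."""
    user = USERS.get(username)
    if user is not None:
        token = secrets.token_urlsafe(32)  # single-use reset token, delivered by mail only
        OUTBOX.append({"to": user["email"], "token": token})
    return dict(GENERIC)


def leaked_fields(handler, users=USERS):
    """Regression check: which stored fields show up in the handler's response bodies?"""
    leaks = set()
    for username, record in users.items():
        body = json.dumps(handler(username))
        leaks.update(field for field, value in record.items() if value in body)
    return sorted(leaks)


if __name__ == "__main__":
    print("vulnerable leaks:", leaked_fields(reset_vulnerable))
    print("hardened leaks:  ", leaked_fields(reset_hardened))
```

Returning the same body for known and unknown usernames also stops the endpoint from confirming which usernames exist.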
Hope the blog helped you in gaining something informative.
WEB APPLICATION SECURITY INTERN