Sensitive Storage Data Exposed

By kannthu

Medium
Vidoc Module
#expose #listing #config #logs #storage
Description

What is "Sensitive Storage Data Exposed"?

The "Sensitive Storage Data Exposed" module is designed to detect instances where sensitive storage data is exposed. It targets software that may have misconfigurations or vulnerabilities that could lead to the exposure of sensitive information. The severity of this module is classified as medium.

This module was authored by pussycat0x.

Impact

If sensitive storage data is exposed, it can pose a significant risk to the security and privacy of the affected system. This can potentially lead to unauthorized access, data breaches, and other malicious activities.

How does the module work?

The "Sensitive Storage Data Exposed" module works by sending HTTP requests to specific paths related to storage in the targeted software. It then applies matching conditions to identify instances where sensitive data may be exposed.

For example, the module sends GET requests to paths such as "/storage/", "/api_smartapp/storage/", "/equipbid/storage/", and others. It then applies matching conditions to check whether the response contains specific words like "Index of" or "oauth-private.key". Additionally, it verifies that the response status is 200.

If the module finds a match, it will report the vulnerability as specified in the configuration.

For more information, you can refer to the Exploit Database.
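
The matching step described above can be reproduced offline against responses saved from your own hosts. This is an added example, not Vidoc's or the module author's code: the sample responses are constructed, the names `evaluate` and `audit` are hypothetical, and requiring every word to be present is an assumption.

```python
from html.parser import HTMLParser

# Matchers as described on this page; requiring every word to be present is an
# assumption (the page does not state how the words are combined).
WORDS = ("Index of", "oauth-private.key")
EXPECTED_STATUS = 200

class _Links(HTMLParser):
    """Collect href targets from a directory-listing page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def evaluate(status, body, words=WORDS, require_all=True):
    """Return (matched, listed_files) for one saved HTTP response."""
    hits = [w in body for w in words]
    word_ok = all(hits) if require_all else any(hits)
    if status != EXPECTED_STATUS or not word_ok:
        return False, []
    parser = _Links()
    parser.feed(body)
    # Drop sort links ("?C=N;O=D") and absolute/parent-directory links.
    files = [h for h in parser.hrefs if not h.startswith(("?", "/", "../"))]
    return True, files

# Constructed sample responses (not captured from any real host).
LISTING = """<html><head><title>Index of /storage</title></head><body>
<h1>Index of /storage</h1>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>
<a href="logs/">logs/</a> <a href="oauth-private.key">oauth-private.key</a>
</body></html>"""
SAMPLES = {
    "listing": (200, LISTING),
    "forbidden": (403, "<h1>403 Forbidden</h1>"),
    "soft-404": (200, "<h1>Page not found</h1>"),
    "empty-listing": (200, "<h1>Index of /storage</h1>"),
}

def audit(samples=SAMPLES):
    return {name: evaluate(s, b) for name, (s, b) in samples.items()}

if __name__ == "__main__":
    for name, (matched, files) in audit().items():
        print(f"{name:14} matched={matched} files={files}")
```

Only the first sample matches: a 403, a 200 page without the listing marker, and a listing that does not name the key file are all rejected, which is why the status and word conditions are checked together.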

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /storage/, /api_smartapp/storag..., /equipbid/storage/ (+3 paths)
Matching conditions
word: Index of, oauth-private.key, oauth-priva...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability