PII Leakage Variant

Step 1: Go to the hacking challenge (the URL will be different for each user): http://13.126.231.126/Sensitive-Information-Disclosure/PII-leakage-Variant-2/

Step 2: In the browser, click the ‘View KYC Documents’ button.

Step 3: Open the image in a new tab. This is the URL of the image that opens in the new tab: http://13.126.231.126/static/images/Sensitive-Information-Disclosure/PII-leakage-Variant-2/userfiles/user985624475/PanCard.png

Step 4: Remove the image name from the URL and hit enter. The URL should now look like this: http://13.126.231.126/static/images/Sensitive-Information-Disclosure/PII-leakage-Variant-2/userfiles/user985624475/ The server responds with a directory listing of the current user's files.

Step 5: Similarly, remove the user985624475 part of the path and hit enter.

Step 6: The listing now shows the directories of other users, exposing their data.
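The root cause in this challenge is a static file path that allows directory requests and does not tie the user directory in the URL to the logged-in user. The following added example (not part of the challenge or this write-up) shows the server-side check a defender would put in front of such a path, and reuses it to review access logs for requests that should never have been served. The URL prefix, the second user id and the log format are constructed for the example.

```python
import posixpath

# Constructed assumption: per-user documents live under this URL prefix,
# one directory per user id, e.g. <PREFIX>/user985624475/PanCard.png
USERFILES_PREFIX = "/static/images/userfiles"


def check_userfile_request(auth_user, path):
    """Decide whether `auth_user` may fetch `path` (already percent-decoded).

    Returns ("allow", filename) only for a single file inside the requester's
    own directory. Denies directory requests outright (no listing, steps 4-6),
    cross-user access (step 5) and traversal out of the user's directory.
    """
    if not path.startswith(USERFILES_PREFIX + "/"):
        return ("deny", "outside userfiles prefix")
    rel = path[len(USERFILES_PREFIX):]
    wants_listing = rel.endswith("/")          # trailing slash == directory
    norm = posixpath.normpath(rel).strip("/")   # collapses "." and ".."
    parts = norm.split("/") if norm else []
    if wants_listing or len(parts) != 2:
        return ("deny", "directory or malformed path requested")
    owner, filename = parts
    if owner != auth_user:
        return ("deny", "object belongs to another user")
    return ("allow", filename)


def review_access_log(lines):
    """Run the same check over 'user method path status' log lines and
    report every request that was denied by policy but served with 200."""
    findings = []
    for line in lines:
        user, _method, path, status = line.split()
        verdict, detail = check_userfile_request(user, path)
        if verdict == "deny" and status == "200":
            findings.append((path, detail))
    return findings


# Constructed sample log: one legitimate fetch, two listing requests,
# one cross-user fetch that was served, and one that was correctly refused.
SAMPLE_LOG = [
    "user985624475 GET /static/images/userfiles/user985624475/PanCard.png 200",
    "user985624475 GET /static/images/userfiles/user985624475/ 200",
    "user985624475 GET /static/images/userfiles/ 200",
    "user985624475 GET /static/images/userfiles/user111222333/PanCard.png 200",
    "user985624475 GET /static/images/userfiles/user111222333/PanCard.png 403",
]

if __name__ == "__main__":
    for path, reason in review_access_log(SAMPLE_LOG):
        print(f"served but should have been denied: {path} ({reason})")
```

Disabling directory listing in the web server (autoindex off / Options -Indexes) closes the listing, but only the ownership check stops a logged-in user from guessing another user's directory and file name.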
