Information disclosure (info leakage): a website unknowingly reveals sensitive information to its users. This can be sensitive personal or business data, or technical details about the website and its infrastructure.

The danger of leaking sensitive personal or business data is obvious, but leaked technical information is also serious: even a fairly small detail (an internal hostname, a directory name, the wording of an error message) can be the foundation for a further attack.

How it Arises:

How to test for it:

  1. Fuzzing:
    1. Submit unexpected data types and specially crafted fuzz strings to see what effect they have.
      1. Mark payload positions in the parameters of interest (e.g. with Burp Intruder).
      2. Identify differences in responses by comparing HTTP status codes, response times, lengths and so on.
      3. Use grep-match rules to flag keywords in responses, such as error, invalid, SELECT, SQL and so on.
  2. Engagement tools (Burp Suite)
    1. Search
      1. Fine-tune it with regex search or negative search to find occurrences (or absences) of specific keywords of interest.
      2. Find comments: extracts developer comments from all responses in scope in one go.
  3. Common sources of information disclosure
    1. Web crawler files:
      1. /robots.txt and /sitemap.xml list paths for crawlers. The paths a site asks crawlers to stay away from (Disallow entries) are often exactly the ones worth visiting.
    2. Directory listing
      1. Web servers are sometimes configured to automatically list the contents of directories that have no index page. Requesting a directory path and getting an "Index of /..." page back means every file in it is visible, including ones never meant to be public.
    3. Developer comments
      1. Comments are sometimes left in during development and shipped to production. They can contain anything: passwords, API keys, directory listings, configuration details.
    4. Error messages
      1. Verbose error messages can reveal stack traces, framework and library versions, SQL queries, file paths and back-end hostnames.
      2. Differences in error messages for different inputs tell you what the application expects (data type, valid range) and which component threw the error, which narrows down the technology stack.
    5. Debugging data
      1. Some websites generate custom error messages and logs that record application state. This is useful during development, but very dangerous if left enabled in production.
      2. Debug output can include:
        1. Values of key session variables that can be manipulated via user input
        2. Hostnames and credentials for back-end components
        3. File and directory names on the server
        4. Keys used to encrypt data transmitted via the client
    6. User account pages:
      1. A user's profile or account page usually contains sensitive information. An access control or logic flaw can let you reach other users' profiles straight from a parameter or body value change (IDOR): change the user identifier in the request to someone else's and check whether their data comes back.
    7. Source code disclosure via backup files
      1. Getting the source code of an application makes everything easier: sensitive data and hardcoded credentials or keys can often be found directly in it.
      2. When a server handles files with a particular extension, such as .php, it normally executes the code rather than sending it to the client as text. In some situations, though, you can get the website to return the file contents instead.
        1. e.g. text editors often generate temporary backup files while the original file is being edited.
          1. These temp files are usually named by appending a tilde (~) to the filename or by adding a different file extension (.bak, .old, .swp and so on).
          2. Requesting the code file under the backup name (e.g. /index.php~ instead of /index.php) can return the raw source in the response, because the server has no handler for that extension and serves it as plain text.
      • Lab: Source code disclosure via backup files
    8. Insecure configuration
      1. Websites can be improperly configured, often because of the 3rd-party services and components they use: these offer a vast number of configuration options, and the people deploying them may not know all of them properly, leaving insecure options enabled.
        1. The HTTP TRACE method is designed for diagnostics: the server echoes the exact request it received back in the response body. If enabled, this can reveal headers added by reverse proxies or load balancers in between, which the client otherwise never sees. Check: send a TRACE request to / and see whether the response repeats your request along with extra headers you did not send.
    9. Version control
      1. Almost every website is built using some form of version control, usually Git. Git stores the full history in a directory called .git, and sometimes that folder gets deployed to production along with the site. Check for /.git/HEAD (it should contain a line like "ref: refs/heads/main"); if the folder is exposed, the whole repository can be downloaded and you can go through every version of the site, diffing commits to find removed secrets and code.
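The fuzz-and-compare workflow from item 1 (payload positions, response differencing, keyword grep) written as a script. This is an added example for these notes, not PortSwigger's or Burp's code: send() is an assumed transport that places one payload in the parameter under test, and fake_product_endpoint is a constructed stand-in for a /product?id= endpoint so the script runs offline. Against a real target, send() would wrap a requests.get() call.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Assumed transport: send(value) -> (status, body) for one request with the
# payload placed in the parameter under test. Injected so the example runs
# offline; in practice it wraps requests.get(url, params={"id": value}).
Transport = Callable[[str], Tuple[int, str]]

# Unexpected data types and crafted strings, as the notes describe. The first
# entry is the benign baseline that every other response is compared against.
PAYLOADS = ["1", "0", "-1", "9999999999", "abc", "'", "\"", "1'--",
            "<script>", "%00", "../../etc/passwd"]

# Grep-match rules: any of these in a response body suggests a verbose error.
KEYWORDS = ["error", "exception", "invalid", "select", "sql", "syntax",
            "stack trace", "warning"]


@dataclass
class Finding:
    payload: str
    status: int
    length: int
    keywords: List[str]


def keyword_hits(body: str) -> List[str]:
    """Case-insensitive grep of the response body for the keyword rules."""
    low = body.lower()
    return [k for k in KEYWORDS if k in low]


def fuzz_parameter(send: Transport, payloads: List[str] = PAYLOADS) -> List[Finding]:
    """Send every payload and report the ones whose response differs from the
    baseline by status code, by more than 20% in length, or by matching a keyword."""
    base_status, base_body = send(payloads[0])
    base_len = len(base_body)
    findings = []
    for payload in payloads[1:]:
        status, body = send(payload)
        hits = keyword_hits(body)
        length_changed = abs(len(body) - base_len) > 0.2 * max(base_len, 1)
        if status != base_status or length_changed or hits:
            findings.append(Finding(payload, status, len(body), hits))
    return findings


def fake_product_endpoint(value: str) -> Tuple[int, str]:
    """Constructed stand-in for GET /product?id=<value> on a site that leaks a
    verbose database error for a single quote; not a real target."""
    if value.isdigit():
        return 200, f"<html><body><h1>Product {value}</h1><p>In stock.</p></body></html>"
    if "'" in value:
        return 500, ("<html><body>Internal Server Error<br>PDOException: SQLSTATE[42000]: "
                     f"Syntax error in SELECT * FROM products WHERE id = '{value}'</body></html>")
    return 404, "<html><body>Not found</body></html>"


if __name__ == "__main__":
    for f in fuzz_parameter(fake_product_endpoint):
        print(f"{f.payload!r:22} status={f.status} len={f.length} keywords={f.keywords}")
```

The 20% length threshold is a starting point, not a rule; tune it per endpoint after looking at how much a normal response varies, otherwise dynamic pages will drown the real anomalies.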
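A probe for the common sources listed in item 3 (robots.txt Disallow paths, directory listing, backup copies of a source file, an exposed .git directory, and TRACE echoing proxy headers). This is an added example for these notes, not from PortSwigger: fetch() is an assumed transport, FAKE_SITE is a constructed misconfigured site so the probe runs offline, and the backup-name list and the "Index of" title check are heuristics that will need extending for a given server.

```python
import re
from typing import Callable, Dict, List, Tuple

# Assumed transport: fetch(method, path) -> (status, body). In a real engagement
# this wraps requests.request(method, base_url + path); injected so the example
# runs offline.
Fetch = Callable[[str, str], Tuple[int, str]]

# Cheap test for "this body is raw source, not a rendered page".
SOURCE_RE = re.compile(r"<\?php|^\s*(?:import|def|function|package|using)\b", re.M)


def backup_candidates(path: str) -> List[str]:
    """Backup/temp names that editors and admins leave beside a source file."""
    directory, _, name = path.rpartition("/")
    return [path + "~", path + ".bak", path + ".old", path + ".orig",
            path + ".save", path + ".txt", f"{directory}/.{name}.swp"]


def check_backup_files(fetch: Fetch, source_path: str) -> List[str]:
    """Candidate paths that came back 200 and look like source code."""
    return [cand for cand in backup_candidates(source_path)
            if (lambda r: r[0] == 200 and SOURCE_RE.search(r[1]))(fetch("GET", cand))]


def check_git(fetch: Fetch) -> bool:
    """An exposed .git directory: /.git/HEAD is a one-line 'ref: refs/heads/...'."""
    status, body = fetch("GET", "/.git/HEAD")
    return status == 200 and body.startswith("ref: ")


def robots_disallowed(fetch: Fetch) -> List[str]:
    """Paths the site asks crawlers to avoid; often exactly the ones worth a look."""
    status, body = fetch("GET", "/robots.txt")
    if status != 200:
        return []
    paths = []
    for line in body.splitlines():
        if line.lower().startswith("disallow:"):
            value = line.split(":", 1)[1].strip()
            if value:
                paths.append(value)
    return paths


def check_directory_listing(fetch: Fetch, dirs: List[str]) -> List[str]:
    """Directories without an index page that the server lists automatically."""
    return [d for d in dirs
            if (lambda r: r[0] == 200 and re.search(r"<title>\s*Index of ", r[1], re.I))(fetch("GET", d))]


def check_trace(fetch: Fetch) -> List[str]:
    """If TRACE is enabled the server echoes the request it received. Headers the
    client never sent (added by a proxy in front of the app) show up in the echo."""
    status, body = fetch("TRACE", "/")
    if status != 200 or not body.startswith("TRACE "):
        return []
    return [line.split(":", 1)[0] for line in body.split("\r\n")[1:] if ":" in line]


def probe(fetch: Fetch, source_path: str) -> Dict[str, object]:
    """Run every check and collect the findings in one dict."""
    disallowed = robots_disallowed(fetch)
    return {
        "backup_files": check_backup_files(fetch, source_path),
        "git_exposed": check_git(fetch),
        "robots_disallow": disallowed,
        "directory_listing": check_directory_listing(fetch, disallowed),
        "trace_echo_headers": check_trace(fetch),
    }


# Constructed stand-in for a misconfigured site (not a real target): a listed
# /backup/ directory, an editor backup of index.php, a deployed .git, and TRACE on.
FAKE_SITE = {
    ("GET", "/robots.txt"): (200, "User-agent: *\nDisallow: /admin/\nDisallow: /backup/\n"),
    ("GET", "/admin/"): (302, ""),
    ("GET", "/backup/"): (200, "<html><head><title>Index of /backup</title></head>"
                               "<body><a href=\"site.tar.gz\">site.tar.gz</a></body></html>"),
    ("GET", "/index.php"): (200, "<html><body><h1>Shop</h1></body></html>"),
    ("GET", "/index.php~"): (200, "<?php\n$db = new PDO('mysql:host=db-internal', 'app', 's3cret');\n"),
    ("GET", "/.git/HEAD"): (200, "ref: refs/heads/main\n"),
    ("TRACE", "/"): (200, "TRACE / HTTP/1.1\r\nHost: shop.example\r\n"
                          "X-Forwarded-For: 203.0.113.5\r\nX-Real-IP: 203.0.113.5\r\n\r\n"),
}


def fake_fetch(method: str, path: str) -> Tuple[int, str]:
    return FAKE_SITE.get((method, path), (404, "<html><body>Not Found</body></html>"))


if __name__ == "__main__":
    for key, value in probe(fake_fetch, "/index.php").items():
        print(f"{key}: {value}")
```

Two points to keep in mind when running something like this for real: a 200 on /.git/HEAD is only a hint until the body actually starts with "ref: ", because many sites return a 200 error page for everything; and the TRACE echo is interesting precisely for the headers that are not yours, so diff the echoed header names against what you sent.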