A naukri.com initiative
Hackingblogs
3d
127
Image Credit: Hackingblogs
FREE NOTES API-HACKING DAY 3: Finding Anyones’s Location In crAPI Using EDE & Bola Bugs
- API-HACKING: Excessive Data Exposure bug occurs when an API returns more data than required for a user.
- Sensitive data may be exposed when APIs return unnecessary information.
- Examples of attack scenarios due to Excessive Data Exposure bug are discussed.
- Exploiting the vulnerability using crAPI to access private information is explained.
- Chaining Excessive Data Exposure with BOLA vulnerabilities to reveal car location is described.
- An attacker could exploit the two vulnerabilities to find someone's car location.
- Using Burp Suite, the attacker could access leaked sensitive data like VIN numbers and car locations.
- The Excessive Data Exposure flaw and BOLA weakness are exploited to gather information about a car's location.
- By chaining the vulnerabilities, the attacker successfully retrieves location details using the VIN number.
- The report highlights the risks of data exposure and methods for detecting and addressing security breaches.
- Real-time threat feeds are utilized to monitor for data exposure and potential impersonation risks.
- The platform offers alerts and reports on leaked data, importance of the breach, and steps to mitigate risks.
Read Full Article
7 Likes
For uninterrupted reading, download the app