Information disclosure in error messages

-

In this lab, the objective was to identify sensitive information exposed through unhandled application errors. Using Burp Suite, HTTP requests were intercepted while browsing product pages. Each request contained a productId parameter, which was observed in the intercepted traffic within the proxy history. The request GET /product?productId=1 was selected for further testing and sent to Burp Repeater to allow controlled modification and analysis of the parameter behavior.

In Burp Repeater, the productId parameter was modified from its expected integer value to a non-numeric format (1/2). This alteration was used to test how the backend handles unexpected input types. The application failed to process the request correctly and triggered an unhandled exception. Instead of returning a controlled error response, the server generated and returned a detailed stack trace in the HTTP response.

The stack trace contained internal application information that is typically restricted in production environments. This included details about the backend framework and runtime behavior. The presence of verbose error output indicated that exception handling was not properly configured to suppress debug information from being exposed to the client.


Further inspection of the error response revealed that the application was running on Apache Struts version 2.3.31. This information is considered sensitive in a security context because it discloses the exact framework and version in use. Such details can assist an attacker in identifying known vulnerabilities associated with that specific software version.

This vuln increases the attack surface by revealing implementation details that can be used for further exploitation. Mitigation requires implementing proper input validation, centralized exception handling, and suppression of stack traces in user-facing responses. Error details should be logged server-side only, while clients should receive generic and non-technical error messages.

Comments

Post a Comment

Popular posts from this blog

Linux AAA

-
Image
Linux AAA Authentication What it means: Authentication verifies who the user is . How it works in Linux: When you log in, Linux checks your credentials (usually username + password) against /etc/passwd and /etc/shadow . /etc/passwd stores user information (username, UID, GID, shell, home directory). /etc/shadow stores hashed passwords and password expiration info, readable only by root. Common authentication methods: Local authentication: Using /etc/passwd and /etc/shadow . Remote authentication: Using services like: LDAP (Lightweight Directory Access Protocol) – centralized user management. Kerberos – provides secure, ticket-based authentication. RADIUS – used in network access (VPNs, Wi-Fi, etc.). PAM (Pluggable Authentication Modules) – modular framework used by Linux for integrating different authentication methods. Example PAM file location: /etc/pam.d/ Each service (like SSH, sudo, login) has its own PAM configuration file.
Read more

Peppermint Ticketing Software for help desk technicians.

-
Image
Peppermint Ticketing Peppermint is a modern, open-source help desk and issue tracking system built for IT teams, MSPs, and internal support departments that want a self-hosted, lightweight, and privacy-controlled solution. Peppermint prioritizes: Simplicity and speed Developer freedom Data sovereignty Low infrastructure footprint It’s designed for small to medium-sized teams who want something modern, minimalistic, and powerful — without being locked into enterprise subscriptions or bulky frameworks. Architecture Overview Peppermint’s backend is written primarily in TypeScript (Node.js) , with a PostgreSQL database and a React-based frontend . This makes it modular, fast, and compatible with modern deployment standards such as Docker , Kubernetes , and cloud instances (AWS, Linode, DigitalOcean, etc.). Architecture Components Component Technology / Purpose Backend  => Node.js (Express / Nest-like structure) Database  => PostgreSQL (relational, handles ti...
Read more

What is Osint?

-
 Open-Source Intelligence (OSINT) refers to the process of collecting, analyzing, and utilizing publicly available data from a wide variety of sources to gather intelligence. These sources can range from publicly accessible information on the internet to data from newspapers, government reports, databases, and even geospatial information. The key distinction of OSINT is that it does not involve covert or illegal methods of gathering information but rather focuses on using data that is readily available to the public, sometimes even through commercial or open platforms. Examples of OSINT data can be gathered from a wide array of open and accessible sources. Some key examples include: Social Media: Publicly available posts, images, videos, and profiles from platforms like Facebook, Twitter, LinkedIn, Instagram, and TikTok. These platforms can reveal personal details about individuals, locations, affiliations, and even plans for upcoming events. News Websites and Online Articles: Ne...
Read more