Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to sensitive data in localStorage #547

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Update to sensitive data in localStorage #547

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
023a3d6
Update to sensitive data in localstorage
RRudder Jan 23, 2025
be70924
Updated wording in template.md
RRudder Jan 23, 2025
1a498d0
Updated Steps to Reproduce
RRudder Jan 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 5 additions & 10 deletions ...e_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,18 @@
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the local storage which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns.
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns.

**Business Impact**

This vulnerability can lead to data theft through the attacker’s ability to access and manipulate sensitive data through their access to the application's local session. These malicious actions can result in reputational damage for the business through the impact to customers’ trust.

**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Using the HTTP interception proxy, forward the following request:

```HTTP
{{request}}
```

1. Observe the exposed sensitive token
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
1. Observe the exposed sensitive token: {{screenshot}}
1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}}

**Proof of Concept (PoC)**

The following screenshot shows the non-sensitive token exposed via the local storage:
The following screenshot shows the non-sensitive token exposed via the `localStorage`/`sessionStorage`:

{{screenshot}}
15 changes: 5 additions & 10 deletions ...itive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,18 @@
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the local storage which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account.
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account.

**Business Impact**

This vulnerability can lead to data theft through the attacker’s ability to manipulate data through their access to the application, and their ability to interact with other users, including performing other malicious attacks, which would appear to originate from a legitimate user. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Using the HTTP interception proxy, forward the following request:

```HTTP
{{request}}
```

1. Observe the exposed sensitive token
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
1. Observe the exposed sensitive token: {{screenshot}}
1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}}

**Proof of Concept (PoC)**

The following screenshot shows the sensitive token exposed via the local storage:
The following screenshot shows the sensitive token exposed via the `localStorage`/`sessionStorage`:

{{screenshot}}
15 changes: 5 additions & 10 deletions ...description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,18 @@
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the local storage which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks.
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks.

**Business Impact**

This vulnerability can lead to data theft through the attacker’s ability to access and manipulate sensitive data through their access to the application's local session. These malicious actions can result in reputational damage for the business through the impact to customers’ trust.

**Steps to Reproduce**

1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
1. Use a browser to navigate to: {{URL}}
1. Using the HTTP interception proxy, forward the following request:

```HTTP
{{request}}
```

1. Observe the exposed sensitive data
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
1. Observe the exposed sensitive token: {{screenshot}}
1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}}

**Proof of Concept (PoC)**

The following screenshot shows the sensitive data exposed via the local storage:
The following screenshot shows the sensitive data exposed via the `localStorage`/`sessionStorage`:

{{screenshot}}
Loading