Skip to main content

Technical information leak - Logs

Description

The application has an HTML file that displays a LOG of the system. In the event that this page is accessible by users, they will be able to know information about the system.

Impact

Understand how the system works from the messages stored in the Log and generate an attack against the system based on this knowledge.

Recommendation

Avoid exposing system information in files that can be accessed by third parties.

Threat

External attacker from the Internet.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: L
  • Attack complexity: L
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: N
  • Availability: N

Temporal

  • Exploit code madurity: P
  • Remediation level: O
  • Report confidence: U

Result

  • Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:U
  • Score:
    • Base: 4.0
    • Temporal: 3.3
  • Severity:
    • Base: Medium
    • Temporal: Low

Code Examples

Compliant code

Delete all logging functions in the production source code

Non compliant code

The source code contains a file that could potentially display system logs

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<script type="text/javascript">
(function () {
var old = system.log;
var logger = document.getElementById('log');
old = function (message) {
if (typeof message == 'object') {
logger.innerHTML += (JSON && JSON.stringify ? JSON.stringify(message) : message) + '<br />';
} else {
logger.innerHTML += message + '<br />';
}
}
})();
</script>
</body>
</html>

Requirements