Tag: information-disclosure
All the articles with the tag "information-disclosure".
- Reading Secrets From the Browser: The NEXT_PUBLIC_ Trap in Next.js
  Exploiting a misused NEXT_PUBLIC_ environment variable in OopsSec Store to recover a payment secret embedded in the client JavaScript bundle.
- Leaking Secrets Through Error Messages: Exploiting a Verbose API Debug Response
  A data export endpoint dumps system diagnostics when it hits an invalid field. Feed it garbage, read the debug output, grab the flag.
- Plaintext Password Exposure: Exploiting Server Logs via a Hidden SIEM Interface
  Exploiting a forgotten debug statement that logs plaintext passwords and a hidden SIEM dashboard with hardcoded credentials to retrieve a flag.