Questions tagged [information-exposure]
12 questions
32
votes
3 answers
Is it safe to share .git folder of a public repo?
Say I cloned a repo, then maybe worked on it a bit. Then I reverted/pushed all changes, so my friend has all the repo files. Is it safe for me to send him the .git folder? Is there any private information there, such as my username, my email,…
![](../../users/profiles/123249.webp)
Paul
- 583
- 5
- 8
22
votes
6 answers
Backend database username and password revealed in JSP Page
Recently I came across a website and when clicking on one of hyperlinks it displayed a HTTP 500 error page as shown in the image, which indicated that it is using Java Server Pages and on line 23 the code read as
Connection con =…
![](../../users/profiles/274261.webp)
Wasim Wani
- 322
- 1
- 8
7
votes
1 answer
Does WhatsApp's link preview on the link messages leak information?
When we want to send a message that contains only a link - such as a question from the Stack Exchange network - WhatsApp displays information from the website as below:
Does this leak information about what was sent, and from who, and to whom?
We…
![](../../users/profiles/86735.webp)
kelalaka
- 5,409
- 4
- 24
- 47
3
votes
0 answers
What is the Meow Attack and how can I guard my databases against it?
Recently, there has been some news articles about unsolicited attacks on unsecured public facing Elastic and Mongo databases. These are commonly being called "Meow" attacks, resulting in entire databases being deleted without ransom or warning.
My…
![](../../users/profiles/19699.webp)
MDMoore313
- 978
- 9
- 14
2
votes
3 answers
HttpResponse Headers Information Leakage on Server Error (Verbose Headers)
In the past I have dealt with security issues related to Default Service Banners/Verbose Headers/Information Leakage via HttpResponse Headers. These issues are quite common, and usually look something like this for an Asp.Net - IIS Server.
Server: …
![](../../users/profiles/190117.webp)
MattyMerrix
- 151
- 6
2
votes
1 answer
Cookies VS localStorage (JavaScript Security)
I know that HTTP requests made by the site get the browser's localStorage for a site, and document.cookie is encrypted for HTTPs websites, but I'm still wondering the risk of storing sensitive information, because even if the hacker got the…
![](../../users/profiles/269810.webp)
Parking Master
- 241
- 1
- 9
2
votes
1 answer
Which information is disclosed to a merchant when paying online with a credit card?
Several sites require me to input far too many personal details in order to register. This now includes phone numbers, which they have zero legitimate uses for - they are never used after the initial validation step - but when their database is…
![](../../users/profiles/269261.webp)
user269261
- 21
- 2
2
votes
2 answers
Getting real machine information from a virtual machine
If a malicious software gets into a virtual machine, what is the most information of the actual machine it can obtain?
![](../../users/profiles/240392.webp)
Paddy
- 123
- 5
1
vote
1 answer
Autofilling sensitive information for publicly available form
We are in the process of designing an app which, simply put, will allow people to accept payments easily.
The customer won't need an account and we'll be linking customer data (name, address, and phone) via emails used through their payments…
![](../../users/profiles/121956.webp)
Script47
- 217
- 1
- 11
0
votes
1 answer
I gave my first name and alt email to someone I don't know, will that reveal who I am?
So, I wanted to get this game (to try it as it had no demo), so I went to a website, did not click on anything except the link to the Google drive folder, and then stupidly requested access to a Google Drive folder using my alt Google account. My…
![](../../users/profiles/281008.webp)
KeyMeerkat
- 3
- 2
0
votes
1 answer
How do mobile apps share details with each other to show customized ads
My question is more towards how this is implemented. I mean do they expose apis to each other or store data at a common place to be accessed by others. Please excuse me if it seems too naive.
![](../../users/profiles/34823.webp)
ThankYouSRT
- 1,275
- 3
- 12
- 15
0
votes
0 answers
Does Asp.Net Core exposes too much information for required enums that were not supplied?
I have a simple code for an input model:
public class MyClass
{
[Required]
public MyEnum? Type { get; set; }
}
Now if I do not send Type as a part of json to the request, I get this error from Web.Api:
"The JSON value could not be…
![](../../users/profiles/36623.webp)
Ilya Chernomordik
- 2,197
- 1
- 21
- 36