NOTE:
The file you uploaded is a Postman collection that contains various API requests, including some that involve sending data to a server with sensitive information, such as database credentials.
Identified Security Concerns:
Database Credentials in Plain Text:
In the requests, the DBUserName and DBPassword fields carry sensitive values: sa as the username and 123@123 as the password. Exposing such credentials in plaintext is a significant security risk, since anyone with access to the request payload could gain unauthorized access to the database.
Unencrypted HTTP:
The API endpoints use http rather than https, so the data in transit, including the database credentials, could be intercepted. This is a critical vulnerability, especially when handling sensitive data.
Hardcoded Configuration:
The API requests contain hardcoded configurations, such as server names and connection strings. If this file is shared or exposed publicly, it could lead to security issues like unauthorized access.
Recommendations:
Use HTTPS:
Switch the protocol from http to https to ensure that all data is encrypted during transmission.
Remove or Secure Database Credentials:
Avoid hardcoding sensitive credentials like DBUserName and DBPassword in the request body. Instead, use environment variables or encrypted secrets management to handle sensitive data securely.
Audit API Security:
Review the security settings of the APIs to ensure they are not vulnerable to unauthorized access or injection attacks.
By addressing these security concerns, you can significantly improve the security of the system described in the Postman collection. Would you like further assistance on securing the API endpoints or any other specific part of the file?
exploit:
import requests

# API URL to which the request will be sent
url = "http://192.168.2.134:2030/api/Account/GetStatement"

# Data to be sent (includes the username and password in plaintext)
payload = {
    "StartVersion": "0",
    "EndVersion": "",
    "Domain": {
        "AccountNumber": {"From": "", "To": "", "In": []},
        "Date": {"From": "", "To": "", "In": []},
        "AccountGuId": {"From": "", "To": "", "In": []},
        "JobGuId": {"From": "", "To": "", "In": []},
        "DocNo": {"From": "", "To": "", "In": []},
        "Sort": {"From": "0", "To": "0", "In": []}
    },
    "Config": {
        "Server": "PC-104\\shygun2017",
        "AllowRowSecurity": False,
        "Level": 0,
        "DBUserName": "sa",  # username in plaintext
        "DBPassword": "123@123",  # password in plaintext
        "DataBaseName": "CY202001",
        "AuthUser": "",
        "AuthPassword": "",
        "Language": 3
    }
}

# Send the HTTP request without SSL (HTTP, not HTTPS)
response = requests.post(url, json=payload)

# Check the response status
if response.status_code == 200:
    print(f"Request successful, response: {response.text}")
else:
    print(f"Request failed with status code {response.status_code}")

# Check whether the password is present in plaintext in the request body
if "DBPassword" in payload["Config"]:
    print("Warning: Sensitive information (DBPassword) is exposed in the request!")

# Check whether HTTP is being used instead of HTTPS
if url.startswith("http://"):
    print("Warning: HTTP is being used instead of HTTPS, this is not secure!")
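The two checks at the end of the script above (plaintext DBPassword, http:// URL) only look at one hand-built payload. The following is an added example, not part of the original note or of the uploaded collection, that generalises them into an audit of a whole Postman v2.1 collection file: it walks every folder and request, flags http:// URLs, and flags any literal value under a credential-looking body key unless it is a Postman {{variable}} reference (the form the "environment variables" recommendation calls for). The embedded collection, the key-name regex and the variable-reference convention are assumptions constructed for the demonstration.

```python
import json
import re

# Constructed sample (Postman v2.1 layout) mirroring the findings above; not the uploaded file.
SAMPLE_COLLECTION = {"item": [{"name": "Account", "item": [{
    "name": "GetStatement", "request": {"method": "POST",
    "url": {"raw": "http://192.168.2.134:2030/api/Account/GetStatement"},
    "body": {"mode": "raw", "raw": json.dumps({"Config": {"Server": "PC-104\\shygun2017",
        "DBUserName": "sa", "DBPassword": "123@123", "AuthPassword": ""}})}}}]}]}

# Body keys that must not hold a literal; a {{variable}} reference is the acceptable form.
SECRET_KEY = re.compile(r"password|passwd|pwd|secret|token|apikey|username", re.I)
VARIABLE_REF = re.compile(r"^\{\{[^}]+\}\}$")

def iter_requests(items, folder=""):
    """Recursively yield (name, request) pairs, descending into folders."""
    for item in items:
        name = f"{folder}/{item.get('name', '')}"
        if "item" in item:  # a folder
            yield from iter_requests(item["item"], name)
        elif "request" in item:
            yield name, item["request"]

def leaf_values(node, path=""):
    """Yield (json_path, value) for every scalar in a parsed JSON body."""
    children = (node.items() if isinstance(node, dict)
                else enumerate(node) if isinstance(node, list) else None)
    if children is None:
        yield path, node
        return
    for key, child in children:
        yield from leaf_values(child, f"{path}.{key}")

def audit_collection(collection):
    """Return (request_name, finding) tuples for http:// URLs and literal secrets."""
    findings = []
    for name, req in iter_requests(collection.get("item", [])):
        url = req.get("url", "")
        raw_url = url if isinstance(url, str) else url.get("raw", "")
        if raw_url.lower().startswith("http://"):
            findings.append((name, f"unencrypted transport: {raw_url}"))
        try:
            parsed = json.loads(req.get("body", {}).get("raw", "") or "{}")
        except json.JSONDecodeError:
            continue  # non-JSON body (e.g. form data): nothing to inspect here
        for path, value in leaf_values(parsed):
            key = path.rsplit(".", 1)[-1]
            if SECRET_KEY.search(key) and value and not VARIABLE_REF.match(str(value)):
                findings.append((name, f"literal secret in body at {path}"))
    return findings
```

Run `audit_collection(json.load(open("collection.json")))` against an exported collection; an empty list means every URL is https and every credential field is a {{variable}} reference or empty.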