Question

The IDOR vulnerabilities covered in Chapter 10 are a common way for applications to leak private information about users. But an attacker can uncover sensitive information from a target application in other ways too. I call these bugs information disclosure bugs. These bugs are common; in fact, they’re the type of bug I find most often while bug bounty hunting, even when I’m searching for other bug types.

本书第 10 章提到的 IDOR 漏洞是应用程序泄露用户私人信息的常见途径。但攻击者也可以通过其他方式获取目标应用程序的敏感信息。我将这些漏洞称为信息披露漏洞。这些漏洞很常见，事实上，它们是我在赏金猎人活动中最常发现的缺陷类型，即使我在寻找其他类型的缺陷时也是如此。

These bugs can happen in many ways, depending on the application. In this chapter, we’ll talk about a few ways you might manage to leak data from an application, and how you can maximize the chances of finding an information disclosure yourself. This chapter delves into some of the techniques mentioned in Chapter 5 , but with a focus on extracting sensitive and private information by using these techniques.

这些漏洞可能因应用程序的不同而发生。本章中，我们将讨论从应用程序泄露数据的一些方法，并介绍如何最大化发现信息泄露的机会。本章深入探讨了第 5 章提到的一些技术，但重点关注如何使用这些技术提取敏感和私人信息。