@whoisrushi
Created October 29, 2025 07:54
Sensitive Information Disclosure via Publicly Accessible JSON File
Summary:
A sensitive data exposure vulnerability exists in the users.json file located in the /json/ directory. The file contains plaintext user credentials, including usernames, passwords, and personal addresses, and can be accessed without any authentication.
This allows any unauthenticated user to retrieve sensitive data directly from the web server.
Steps to Reproduce:
Open the following URL in a browser (no login required): http://localhost/GroceryMart/json/users.json
Observe that the file returns user details in plaintext:
    {
      "username": [
        {
          "firstname": "Rajesh",
          "lastname": "Kumar",
          "username": "Rajesh23",
          "address": "A/23 Noida",
          "password": "rajesh123"
        },
Vendor of the product(s) info
Vendor/Developer: Komal97
GitHub Repository: Komal97/GroceryMart (https://github.com/Komal97/GroceryMart)
Affected product(s)/code base info
Product: GroceryMart
Affected File: /json/users.json
Version: Latest commit 21934e6 (Oct 23, 2020)
Impact:
An attacker can obtain the full list of user credentials (including plaintext passwords and addresses) without authentication.
This results in:
Unauthorized access to all user accounts
Potential identity theft and account compromise
Privacy and legal violations (PII exposure)
High reputational damage for the vendor
Affected Project:
GitHub Repository: Komal97/GroceryMart (https://github.com/Komal97/GroceryMart)
File Path: /json/users.json
Tested On: Latest commit 21934e6 (Oct 23, 2020)
Recommendation:
Remove users.json from any web-accessible directory.
Never store plaintext passwords — use secure hashing (e.g., bcrypt, Argon2).
Restrict direct access to JSON or data folders via server configuration (the .htaccess rule only takes effect if the directory is covered by an AllowOverride setting that permits it):
Apache (.htaccess, Apache 2.4 syntax; "Deny from all" is the legacy 2.2 form):
    Require all denied
Nginx:
    location /GroceryMart/json/ {
        deny all;
    }
Implement authentication and authorization checks before serving sensitive data.
Replace static JSON storage with a secure backend database.
Use environment-based configurations to prevent test data from leaking in production.
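One way to carry out the hashing recommendation, as an added example that is not code from the GroceryMart project: migrate the exposed store into one that keeps only a per-user random salt and a password hash, then verify logins against it. It uses Python's standard-library hashlib.scrypt in place of the bcrypt/Argon2 libraries named above, and the two user records are constructed to match the shape of users.json.

```python
import hashlib
import hmac
import json
import os

# Constructed sample in the same shape as the exposed users.json:
# a top-level "username" array of user objects with a plaintext "password".
SAMPLE_USERS_JSON = json.dumps({
    "username": [
        {"firstname": "Rajesh", "lastname": "Kumar", "username": "Rajesh23",
         "address": "A/23 Noida", "password": "rajesh123"},
        {"firstname": "Asha", "lastname": "Verma", "username": "asha_v",
         "address": "B/7 Pune", "password": "S3cret!pass"},
    ]
})

# scrypt work factors; hashlib.scrypt is stdlib (bcrypt/Argon2 need extra libs).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: bytes) -> str:
    """Derive a 32-byte scrypt hash of the password under the given salt."""
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return digest.hex()


def migrate_users(users_json_text: str) -> dict:
    """Return a copy of the store with every plaintext password replaced by a
    fresh random salt plus its scrypt hash; the "password" key is dropped."""
    store = json.loads(users_json_text)
    migrated = []
    for user in store["username"]:
        salt = os.urandom(16)
        record = {k: v for k, v in user.items() if k != "password"}
        record["salt"] = salt.hex()
        record["password_hash"] = hash_password(user["password"], salt)
        migrated.append(record)
    return {"username": migrated}


def verify_password(store: dict, username: str, candidate: str) -> bool:
    """Constant-time comparison against the stored hash; unknown users fail."""
    for user in store["username"]:
        if user["username"] == username:
            actual = hash_password(candidate, bytes.fromhex(user["salt"]))
            return hmac.compare_digest(user["password_hash"], actual)
    return False


if __name__ == "__main__":
    print(json.dumps(migrate_users(SAMPLE_USERS_JSON), indent=2))
```

The migrated document should live outside the web root (or behind the access rules above); even hashed credentials do not belong in a publicly served file.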
Discovered by:
Team DisclosureX