Commit 023a3d6

committed
Update to sensitive data in localstorage
1 parent f9aa713 commit 023a3d6

3 files changed

+15
-30
lines changed

Lines changed: 5 additions & 10 deletions
@@ -1,23 +1,18 @@
1-
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the local storage which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns.
1+
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns.
22

33
**Business Impact**
44

55
This vulnerability can lead to data theft through the attacker’s ability to access and manipulate sensitive data through their access to the application's local session. These malicious actions can result in reputational damage for the business through the impact to customers’ trust.
66

77
**Steps to Reproduce**
88

9-
1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
109
1. Use a browser to navigate to: {{URL}}
11-
1. Using the HTTP interception proxy, forward the following request:
12-
13-
```HTTP
14-
{{request}}
15-
```
16-
17-
1. Observe the exposed sensitive token
10+
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
11+
1. Observe the exposed sensitive token: {{screenshot}}
12+
1. In a new browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to generate a user session: {{screenshot}}
1813

1914
**Proof of Concept (PoC)**
2015

21-
The following screenshot shows the non-sensitive token exposed via the local storage:
16+
The following screenshot shows the non-sensitive token exposed via the `localStorage`/`sessionStorage`:
2217

2318
{{screenshot}}
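Review bot: the rewritten description still names "Cross-Site Request Forgery (CSRF)" as a way to capture the token, which is wrong: CSRF forges requests from the victim's browser and never gives the attacker a script context in the origin, so it cannot read `localStorage`/`sessionStorage`; only XSS (or another way to run script in the origin, such as a compromised dependency) belongs in that sentence, e.g. `the token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to gather relevant user data`. The new steps also contradict this template's own framing: the description and PoC text say the token is non-sensitive, yet the added step says "Observe the exposed sensitive token" and the following step asks the tester to show the token "can be used to generate a user session", which is the sensitive-token case of the second template. Suggest `Observe the exposed non-sensitive token: {{screenshot}}` and a final step that demonstrates the phishing/user-data impact the description actually claims. Minor: "select Inspect, then select Storage" matches Firefox's DevTools; in Chromium the panel is Application > Storage > Local storage, so name both or say "the browser's storage inspector".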
Lines changed: 5 additions & 10 deletions
@@ -1,23 +1,18 @@
1-
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the local storage which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account.
1+
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account.
22

33
**Business Impact**
44

55
This vulnerability can lead to data theft through the attacker’s ability to manipulate data through their access to the application, and their ability to interact with other users, including performing other malicious attacks, which would appear to originate from a legitimate user. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.
66

77
**Steps to Reproduce**
88

9-
1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
109
1. Use a browser to navigate to: {{URL}}
11-
1. Using the HTTP interception proxy, forward the following request:
12-
13-
```HTTP
14-
{{request}}
15-
```
16-
17-
1. Observe the exposed sensitive token
10+
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
11+
1. Observe the exposed sensitive token: {{screenshot}}
12+
1. In a new browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to generate a user session: {{screenshot}}
1813

1914
**Proof of Concept (PoC)**
2015

21-
The following screenshot shows the sensitive token exposed via the local storage:
16+
The following screenshot shows the sensitive token exposed via the `localStorage`/`sessionStorage`:
2217

2318
{{screenshot}}
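Review bot: the added step "In a new browser window, perform {{action}} to show that the token ... can be used to generate a user session" does not prove what this template claims, namely that the captured token lets the attacker "locally reset a legitimate user's account password" and take over the account; the step should exercise the password-reset flow with the captured token from an attacker-controlled browser, or the description should be narrowed to session takeover so the two agree. As written the step is also not a valid proof: a new window in the same browser profile already shares `localStorage` with the victim tab (so the tester is simply still logged in), and `sessionStorage` is per-tab and is never shared with a new window at all. Specify a separate profile or private window and state that the tester copies the value in through the DevTools console (`localStorage.setItem(...)`) before performing {{action}}, so the screenshot shows the token alone producing the session or the reset.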
Lines changed: 5 additions & 10 deletions
@@ -1,23 +1,18 @@
1-
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the local storage which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks.
1+
Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks.
22

33
**Business Impact**
44

55
This vulnerability can lead to data theft through the attacker’s ability to access and manipulate sensitive data through their access to the application's local session. These malicious actions can result in reputational damage for the business through the impact to customers’ trust.
66

77
**Steps to Reproduce**
88

9-
1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
109
1. Use a browser to navigate to: {{URL}}
11-
1. Using the HTTP interception proxy, forward the following request:
12-
13-
```HTTP
14-
{{request}}
15-
```
16-
17-
1. Observe the exposed sensitive data
10+
1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage
11+
1. Observe the exposed sensitive token: {{screenshot}}
12+
1. In a new browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to generate a user session: {{screenshot}}
1813

1914
**Proof of Concept (PoC)**
2015

21-
The following screenshot shows the sensitive data exposed via the local storage:
16+
The following screenshot shows the sensitive data exposed via the `localStorage`/`sessionStorage`:
2217

2318
{{screenshot}}
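Review bot: the new step "Observe the exposed sensitive token: {{screenshot}}" regresses the removed "Observe the exposed sensitive data"; this is the generic sensitive-data template (the description and the PoC sentence both say "sensitive data"), so "token" is a copy-paste from the two token templates and the step should read `Observe the exposed sensitive data: {{screenshot}}`. The added step that asks the tester to show the value "can be used to generate a user session" has the same problem: it presumes the stored item is a session credential, while the description only claims the data can be "used in further attacks"; reword it to something like `perform {{action}} to show how the exposed data can be used in a further attack` or drop it. If a cross-window demonstration is kept, it needs a separate browser profile or private window, since a new window in the same profile already shares `localStorage` and `sessionStorage` is never shared across windows.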
