I know where you live: leveraging OSINT on municipal databases for fun and profit

Open source intelligence (OSINT) is an intelligence discipline that uses automated tools to sift through open data sources in order to surface actionable signals. Government databases are of special interest: they are especially rich in valuable information, which is often "secured" only by means of a search interface that restricts the ability to copy and freely analyse the data.

Sadly, many implementations of such systems fail to protect against automation and are therefore vulnerable to tool-assisted reconstruction of the underlying database.

The City of Rimouski's assessment roll (rôle d'évaluation) query interface is such a system. It is available at the following address:

https://rimouski.maps.arcgis.com/apps/webappviewer/index.html?id=1b3866ae746c48b6895c38993ba499db


(Screenshot: the City of Rimouski's assessment roll ArcGIS web app)

We can readily deduce that it is an ArcGIS application. Every ArcGIS application comes with a REST endpoint that is uniquely identified by the app's ID, here 1b3866ae746c48b6895c38993ba499db.

We can confirm that the app's REST endpoint is reachable here: https://www.arcgis.com/sharing/rest/content/items/1b3866ae746c48b6895c38993ba499db/data

This returns the application's configuration:

{"theme":{"name":"FoldableTheme","styles":["yellow","default","black","blue","cyan","green","purple","red"],"version":"2.16","sharedTheme":{"isPortalSupport":true,"useHeader":false,"useLogo":false},"customStyles":{"mainBackgroundColor":"#68859b"}},"portalUrl":"https://rimouski.maps.arcgis.com","appId":"","authorizedCrossOriginDomains":[],"title":"Consultation du rôle d’évaluation","subtitle":"","keepAppState":true,"logo":"https://rimouski.maps.arcgis.com/sharing/rest/content/items/${itemId}/resources/inConfig/8578948994797033.png","geometryService":"https://utility.arcgisonline.com/arcgis/rest/services/Geometry/GeometryServer","links":[],"widgetOnScreen":{"widgets":[{"uri":"themes/FoldableTheme/widgets/HeaderController/Widget","position":{"left":0,"top":0,"right":0,"height":40,"relativeTo":"browser"},"version":"2.18","id":"themes_FoldableTheme_widgets_HeaderController_Widget_1","name":"HeaderController"},{"uri":"widgets/Scalebar/Widget","position":{"left":7,"bottom":25,"relativeTo":"map"},"version":"2.18","id":"widgets_Scalebar_Widget_2","name":"Scalebar"},{"uri":"widgets/Search/Widget","position":{"left":55,"top":5,"relativeTo":"map"},"version":"2.18","id":"widgets_Search_Widget_3","name":"Search","config":{"allPlaceholder":"Recherche de Lot, Adresse ou 
Matricule","showInfoWindowOnSelect":false,"sources":[{"layerId":"Interrogation_du_role_6765","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/8","name":"Lot","placeholder":"","searchFields":["NOLOT"],"displayField":"NOLOT","exactMatch":false,"searchInCurrentMapExtent":false,"panToScale":false,"zoomScale":null,"maxSuggestions":6,"maxResults":6,"type":"query"},{"layerId":"Interrogation_du_role_5362","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/7","name":"Adresse","placeholder":"","searchFields":["NoCivique","Voie","Adresse_conca","Adresse_alt1","Adresse_alt2","Adresse_UEV"],"displayField":"Adresse_alt1","exactMatch":false,"searchInCurrentMapExtent":false,"panToScale":false,"zoomScale":null,"maxSuggestions":6,"maxResults":6,"type":"query"},{"layerId":"Interrogation_du_role_5362","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/7","name":"Matricule","placeholder":"","searchFields":["NUMEROMATRICULE","MAT_Complet"],"displayField":"NUMEROMATRICULE","exactMatch":false,"searchInCurrentMapExtent":false,"panToScale":false,"zoomScale":null,"maxSuggestions":6,"maxResults":6,"type":"query"}]}},{"uri":"widgets/Coordinate/Widget","position":{"left":7,"bottom":5,"relativeTo":"map"},"version":"2.18","id":"widgets_Coordinate_Widget_4","name":"Coordinate"},{"position":{"left":55,"top":45,"relativeTo":"map"},"placeholderIndex":1,"id":"_5","name":"Legend","version":"2.18","closeable":true,"uri":"widgets/Legend/Widget","config":{"legend":{"arrangement":0,"autoUpdate":true,"respectCurrentMapScale":true},"layerState":{},"syncWithWebmap":false,"showLegendForBasemap":false}},{"position":{"left":105,"top":45,"relativeTo":"map"},"placeholderIndex":1,"id":"_6","name":"BasemapGallery","version":"2.18","closeable":true,"uri":"widgets/BasemapGall
ery/Widget","config":{"basemapGallery":{"mode":1,"basemaps":[]}}},{"position":{"left":155,"top":45,"relativeTo":"map"},"placeholderIndex":1,"id":"_7","name":"Print","version":"2.18","closeable":true,"uri":"widgets/Print/Widget","config":{"serviceURL":"https://carte.ville.rimouski.qc.ca/arcgis/rest/services/Impression/GPServer/Impression%20web","defaultTitle":"Interrogation du rôle","defaultAuthor":"Ville de Rimouski","defaultCopyright":"","defaultFormat":"PDF","defaultLayout":"Web_LETTRE_Paysage","copyrightEditable":false}},{"position":{"left":205,"top":45,"relativeTo":"map"},"placeholderIndex":1,"id":"_8","name":"Measurement","version":"2.18","closeable":true,"uri":"widgets/Measurement/Widget","config":{"measurement":{"defaultAreaUnit":"esriSquareMeters","defaultLengthUnit":"esriMeters"},"showArea":false,"showDistance":true,"showLocation":false,"defaultAreaUnit":"esriSquareKilometers","defaultLengthUnit":"esriKilometers","isOperationalLayer":false}},{"position":{"left":255,"top":45,"relativeTo":"map"},"placeholderIndex":1,"id":"_9"},{"uri":"widgets/OverviewMap/Widget","position":{"bottom":0,"right":0,"zIndex":1,"relativeTo":"map"},"version":"2.18","id":"widgets_OverviewMap_Widget_10","name":"OverviewMap"},{"uri":"widgets/HomeButton/Widget","position":{"left":7,"top":75,"relativeTo":"map"},"version":"2.18","id":"widgets_HomeButton_Widget_11","name":"HomeButton"},{"uri":"widgets/MyLocation/Widget","position":{"left":7,"top":110,"relativeTo":"map"},"version":"2.18","id":"widgets_MyLocation_Widget_12","name":"MyLocation"},{"uri":"widgets/AttributeTable/Widget","position":{"relativeTo":"browser"},"version":"2.18","id":"widgets_AttributeTable_Widget_13","name":"AttributeTable","config":{"layerInfos":[],"table":{"pageSizeOptions":[25,50,100,1000]},"hideExportButton":true,"initiallyExpand":false,"filterByMapExtent":true,"allowTextSelection":true,"syncWithLayers":false},"visible":false},{"uri":"widgets/Splash/Widget","visible":false,"position":{"relativeTo":"browser"},"vers
ion":"2.18","id":"widgets_Splash_Widget_14","name":"Splash"},{"uri":"widgets/ZoomSlider/Widget","position":{"top":5,"left":7,"relativeTo":"map"},"version":"2.18","id":"widgets_ZoomSlider_Widget_15","name":"ZoomSlider"},{"uri":"widgets/ExtentNavigate/Widget","visible":false,"position":{"top":190,"left":7,"relativeTo":"map"},"id":"widgets_ExtentNavigate_Widget_16","name":"ExtentNavigate","version":"2.18"},{"uri":"widgets/FullScreen/Widget","visible":false,"position":{"top":150,"left":7,"relativeTo":"map"},"version":"2.18","id":"widgets_FullScreen_Widget_17","name":"FullScreen"}],"panel":{"uri":"jimu/OnScreenWidgetPanel","position":{"relativeTo":"map"}}},"map":{"3D":false,"2D":true,"position":{"left":0,"top":40,"right":0,"bottom":0},"itemId":"d333fd14cdd04df0b149b679541cd24e","mapOptions":{},"id":"map","portalUrl":"https://rimouski.maps.arcgis.com","appProxy":{"mapItemId":"d333fd14cdd04df0b149b679541cd24e","proxyItems":[]}},"widgetPool":{"panel":{"uri":"themes/FoldableTheme/panels/FoldablePanel/Panel","position":{"top":5,"right":5,"bottom":5,"zIndex":5,"relativeTo":"map"}},"widgets":[],"groups":[]},"mobileLayout":{"widgetOnScreen":{"widgets":{"widgets/Scalebar/Widget":{"position":{"left":7,"bottom":40},"version":"1.4"},"widgets/Coordinate/Widget":{"position":{"left":7,"bottom":17},"version":"1.4"}}}},"loadingPage":{"backgroundColor":"#508dca","backgroundImage":{"visible":false},"loadingGif":{"visible":true,"uri":"configs/loading/images/predefined_loading_1.gif","width":58,"height":29}},"wabVersion":"2.18","_buildInfo":{"widgetManifestsMerged":true},"isWebTier":false,"httpProxy":{"useProxy":true,"url":"https://rimouski.maps.arcgis.com/sharing/proxy"},"dataSource":{"dataSources":{},"settings":{}},"logoAlt":"","logoLink":"","appItemId":"1b3866ae746c48b6895c38993ba499db"}

In the map section of this configuration we find the itemId d333fd14cdd04df0b149b679541cd24e, which gives us a second item endpoint:
https://www.arcgis.com/sharing/rest/content/items/d333fd14cdd04df0b149b679541cd24e/data

This one returns the web map definition, which lists the FeatureServer URL of every operational layer and the fields its popup displays:

{"operationalLayers":[{"id":"Interrogation_du_role_9993","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/11","visibility":true,"opacity":1,"mode":1,"title":"Toponymie","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[51,51,51,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":9,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true},{"id":"Interrogation_du_role_8183","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/10","visibility":true,"opacity":1,"mode":1,"title":"Superficie 
Uev","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[255,0,0,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":12,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true},{"id":"Interrogation_du_role_9242","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/9","visibility":true,"opacity":1,"mode":1,"title":"Matricule Uev","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[255,0,0,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":9.75,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true},

{"id":"Interrogation_du_role_6765","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/8","visibility":true,"opacity":1,"mode":1,"title":"Lot","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","popupInfo":{"title":"Lot:","fieldInfos":[{"fieldName":"NOLOT","label":"No de lot","isEditable":true,"visible":true,"stringFieldOption":"textbox"},{"fieldName":"OBJECTID","label":"OBJECTID","isEditable":false,"visible":false},{"fieldName":"NOM","label":"NOM","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"LOT_IDG","label":"Lot IDG","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"LIMITECADASTRALE_IDG","label":"LimiteCadastrale IDG","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"UTILISATEURCREATION","label":"Utilisateur création","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"DATECREATION","label":"Date création","isEditable":true,"visible":false,"format":{"dateFormat":"shortDateShortTime","timezone":"utc"}},{"fieldName":"UTILISATEURMODIFICATION","label":"Utilisateur modification","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"DATEMODIFICATION","label":"Date modification","isEditable":true,"visible":false,"format":{"dateFormat":"shortDateShortTime","timezone":"utc"}},{"fieldName":"METHODECAPTAGEID","label":"ID méthode captage","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"CODECADASTRE","label":"Code du 
cadastre","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"IDLOTS","label":"IDLOTS","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"TYPELOT","label":"TYPELOT","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"TYPECADASTRE","label":"TYPECADASTRE","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"UNITE","label":"UNITE","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"ECHELLE","label":"ECHELLE","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"INDICTRAITEMENT","label":"INDICTRAITEMENT","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"INDICCARACT","label":"INDICCARACT","isEditable":true,"visible":false,"format":{"places":0,"digitSeparator":true}},{"fieldName":"SUPERFICIE","label":"SUPERFICIE","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"SOURCE","label":"SOURCE","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"REMARQUES","label":"REMARQUES","isEditable":true,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"created_user","label":"created_user","isEditable":false,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"created_date","label":"created_date","isEditable":false,"visible":false,"format":{"dateFormat":"shortDateShortTime","timezone":"utc"}},{"fieldName":"last_edited_user","label":"last_edited_user","isEditable":false,"visible":false,"stringFieldOption":"textbox"},{"fieldName":"last_edited_date","label":"last_edited_date","isEditable":false,"visible":false,"format":{"dateFormat":"shortDateShortTime","timezone":"utc"}},{"fieldName":"Shape__Area","label":"Shape__Area","isEditable":false,"visible":false,"format":{"places":2,"digitSeparator":true}},{"fieldName":"Shape__Length","label":"Shape__Length","isEditable":false,"visible":false,"format"
:{"places":2,"digitSeparator":true}}],"description":null,"showAttachments":false,"mediaInfos":[]}},


{"id":"Interrogation_du_role_5362","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/7","visibility":true,"opacity":1,"mode":1,"title":"Unités d'évaluation","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"minScale":24234,"maxScale":0},"popupInfo":{"title":"","fieldInfos":[{"fieldName":"OBJECTID","label":"OBJECTID","isEditable":false,"tooltip":"","visible":false,"stringFieldOption":"textbox"},{"fieldName":"DIMENSIONFRONTALE","label":"Dimension frontale","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"DIMENSIONPROFONDEUR","label":"Dimension profondeur","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"NUMEROMATRICULE","label":"Numéro de matricule","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"SUPERFICIE","label":"Superficie","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"UNITESUPERFICIE","label":"Unité de superficie","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"UEROLE_IDG","label":"UERole IDG","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"UTILISATEURCREATION","label":"Utilisateur création","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"DATECREATION","label":"Date création","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"dateFormat":"shortDateShortTime"}},{"fieldName":"UTILISATEURMODIFICATION","label":"Utilisateur 
modification","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"DATEMODIFICATION","label":"Date modification","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"dateFormat":"shortDateShortTime"}},{"fieldName":"METHODECAPTAGEID","label":"ID méthode captage","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"MAT_Complet","label":"MAT_Complet","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Utilisation","label":"Utilisation","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Proprietaire","label":"Proprietaire","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"CoProprietaire","label":"CoProprietaire","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"AdressePostale","label":"AdressePostale","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"VilleProprietaire","label":"VilleProprietaire","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"NbEtage","label":"NbEtage","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"AnneeConstruction","label":"AnneeConstruction","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"NbLogement","label":"NbLogement","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"ValeurTerrain","label":"ValeurTerrain","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"ValeurBatiment","label":"ValeurBatiment","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":
"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"ValeurImmeuble","label":"ValeurImmeuble","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"Lot","label":"Lot","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"UniteVoisinage","label":"UniteVoisinage","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"AireBatiment","label":"AireBatiment","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"NoCivique","label":"NoCivique","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Generique","label":"Generique","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Lien","label":"Lien","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Voie","label":"Voie","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Adresse_conca","label":"Adresse_conca","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Adresse_alt1","label":"Adresse_alt1","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Adresse_alt2","label":"Adresse_alt2","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"Adresse_UEV","label":"Adresse_UEV","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox"},{"fieldName":"NbLot","label":"NbLot","isEditable":true,"tooltip":"","visible":true,"stringFieldOption":"textbox","format":{"places":0,"digitSeparator":true}},{"fieldName":"Shape__Area","label":"Shape__Area","isEditable":false,"tooltip":"","visible":false,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}},{"fieldName":"Shape__Length","label":"Shape__
Length","isEditable":false,"tooltip":"","visible":false,"stringFieldOption":"textbox","format":{"places":2,"digitSeparator":true}}],"description":"<font color='#0000ff'><font size='2'><b>Identification de l'unité d'évaluation<\/b><\/font><br /><\/font>Numéro de matricule : <br />{MAT_Complet} <br />Adresse : <br />{Adresse_UEV}<br />Numéro(s) de lot : {Lot}<br />Utilisation (CUBF) : {Utilisation} <br />Unité de voisinage : {UniteVoisinage} <br /><font color='#0000ff'><font size='2'><b><br />Propriétaire(s)<\/b><\/font><br /><\/font>{Proprietaire}<br />Adresse du propriétaire :<br />{AdressePostale}, {VilleProprietaire}<br />Copropriétaire : {CoProprietaire}<br /><span style='color: rgb(0, 0, 255);'><b><font size='2'><br />Caractéristiques de l'unité d'évaluation<\/font><\/b><\/span><br />Frontage : {DIMENSIONFRONTALE} m<br />Profondeur : {DIMENSIONPROFONDEUR} m<br />Superficie : {SUPERFICIE} m²<br />Nombre d'étage(s) : {NbEtage}<br />Année de construction : {AnneeConstruction}<br />Aire d'étage(s) : {AireBatiment} m²<br />Nombre de logement(s) : {NbLogement}<br /><span style='color: rgb(0, 0, 255);'><b><font size='2'><br />Valeur au rôle d'évaluation<\/font><\/b><\/span><br />Valeur du terrain : {ValeurTerrain} $<br />Valeur du bâtiment : {ValeurBatiment} $<br />Valeur de l'immeuble : {ValeurImmeuble} $<br /><br /><a href='https://municipal.acceo.com/immonet/rimouski?language=fr   ' rel='nofollow ugc' target='_blank'>Cliquez ici pour un rapport complet<\/a>","showAttachments":true,"mediaInfos":[]}},


{"id":"Interrogation_du_role_4143","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/6","visibility":true,"opacity":1,"mode":1,"title":"Ligne de renvoie (lot)","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":[76,230,0,255],"width":0.75,"type":"esriSLS","style":"esriSLSDashDotDot","marker":{"style":"arrow","placement":"end"}}}}},"disablePopup":true},{"id":"Interrogation_du_role_5814","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/5","visibility":true,"opacity":1,"mode":1,"title":"Ligne de renvoie (mesure)","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":[76,230,0,255],"width":1.125,"type":"esriSLS","style":"esriSLSDash","marker":{"style":"arrow","placement":"end"}}}}},"disablePopup":true},

{"id":"Interrogation_du_role_6929","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/4","visibility":true,"opacity":1,"mode":1,"title":"Connectivité","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":[255,0,0,255],"width":1.5,"type":"esriSLS","style":"esriSLSSolid"}}},"minScale":23167,"maxScale":0},"disablePopup":true},{"id":"Interrogation_du_role_8743","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/3","visibility":true,"opacity":1,"mode":1,"title":"Ligne de renvoie (no civique)","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":[255,85,0,255],"width":1.125,"type":"esriSLS","style":"esriSLSSolid","marker":{"style":"arrow","placement":"end"}}}}},"disablePopup":true},{"id":"Interrogation_du_role_1515","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/2","visibility":true,"opacity":1,"mode":1,"title":"Numéro de 
lot","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[127,255,0,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":12,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true},{"id":"Interrogation_du_role_5964","layerType":"ArcGISFeatureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/1","visibility":true,"opacity":1,"mode":1,"title":"Mesure","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[127,255,0,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":9.75,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true},{"id":"Interrogation_du_role_4294","layerType":"ArcGISFea
tureLayer","url":"https://utility.arcgis.com/usrsvcs/servers/82531d9f6c97453eb2e42afd8b4ec6bf/rest/services/Interrogation_du_role/FeatureServer/0","visibility":true,"opacity":1,"mode":1,"title":"Numéro civique","itemId":"82531d9f6c97453eb2e42afd8b4ec6bf","layerDefinition":{"drawingInfo":{"renderer":{"type":"simple","label":"","description":"","symbol":{"color":null,"width":0.75,"type":"esriSLS","style":"esriSLSNull"}},"labelingInfo":[{"labelExpression":null,"labelExpressionInfo":{"expression":"$feature[\"TextString\"]","value":"{TextString}"},"useCodedValues":true,"maxScale":0,"minScale":0,"where":null,"labelPlacement":"esriServerLinePlacementCenterAlong","symbol":{"color":[255,0,0,255],"type":"esriTS","backgroundColor":null,"borderLineColor":null,"haloSize":0,"haloColor":null,"horizontalAlignment":"center","rightToLeft":false,"angle":0,"xoffset":0,"yoffset":0,"text":"","rotated":false,"kerning":true,"font":{"size":12,"style":"normal","decoration":"none","weight":"bold","family":"Arial"}}}]}},"showLabels":true,"disablePopup":true}],"baseMap":{"baseMapLayers":[{"id":"World_Imagery_2017","layerType":"ArcGISTiledMapServiceLayer","url":"https://services.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer","visibility":true,"opacity":1,"title":"World Imagery"}],"title":"Imagerie"},"spatialReference":{"wkid":102100,"latestWkid":3857},"authoringApp":"WebMapViewer","authoringAppVersion":"8.3","version":"2.18"}
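A web map definition like the one above is also the natural input for a privacy audit by the people who publish it: walk the operational layers and report every popup that displays a field naming a person. The script below is an added example (not the city's code and not part of ArcGIS); the JSON it parses is a constructed, trimmed stand-in shaped like the real definition, the example.invalid URLs are placeholders, and the PII name patterns are an assumption of this example.

```python
import json
import re

# Constructed stand-in for an ArcGIS web map item's /data response, shaped like
# the real definition but trimmed to three layers (sample input, not the city's JSON).
SAMPLE_WEBMAP = json.dumps({
    "operationalLayers": [
        {"id": "Lot_1", "layerType": "ArcGISFeatureLayer",
         "url": "https://example.invalid/rest/services/Roll/FeatureServer/8",
         "title": "Lot",
         "popupInfo": {"fieldInfos": [{"fieldName": "NOLOT", "visible": True},
                                      {"fieldName": "OBJECTID", "visible": False}],
                       "description": None}},
        {"id": "Unites_1", "layerType": "ArcGISFeatureLayer",
         "url": "https://example.invalid/rest/services/Roll/FeatureServer/7",
         "title": "Unités d'évaluation",
         "popupInfo": {"fieldInfos": [{"fieldName": "NUMEROMATRICULE", "visible": True},
                                      {"fieldName": "Proprietaire", "visible": True},
                                      {"fieldName": "ValeurImmeuble", "visible": True},
                                      {"fieldName": "AdressePostale", "visible": False}],
                       # A custom description template shows {Field} placeholders
                       # regardless of the field's "visible" flag.
                       "description": "Propriétaire : {Proprietaire}<br />"
                                      "{AdressePostale}, {VilleProprietaire}"}},
        {"id": "Labels_1", "layerType": "ArcGISFeatureLayer",
         "url": "https://example.invalid/rest/services/Roll/FeatureServer/9",
         "title": "Matricule Uev", "disablePopup": True},
    ]
})

# Field-name fragments that usually denote a natural person in an assessment roll
# (assumed patterns; extend them for the vocabulary of your own data model).
PII_PATTERNS = [r"propri", r"owner", r"postale", r"mailing"]


def popup_fields(popup: dict) -> list[str]:
    """Fields a popup can display: the visible fieldInfos entries plus every
    {Field} placeholder in the description template, de-duplicated in order."""
    fields = [fi["fieldName"] for fi in popup.get("fieldInfos", []) if fi.get("visible")]
    fields += re.findall(r"\{(\w+)\}", popup.get("description") or "")
    return list(dict.fromkeys(fields))


def audit_webmap(webmap_json: str) -> list[dict]:
    """Return one finding per feature layer whose popup exposes a PII-looking field."""
    findings = []
    for layer in json.loads(webmap_json).get("operationalLayers", []):
        if layer.get("layerType") != "ArcGISFeatureLayer" or layer.get("disablePopup"):
            continue  # labels and line layers display nothing
        popup = layer.get("popupInfo")
        if not popup:
            continue
        pii = [f for f in popup_fields(popup)
               if any(re.search(p, f, re.I) for p in PII_PATTERNS)]
        if pii:
            findings.append({"layer": layer["title"], "url": layer["url"], "pii_fields": pii})
    return findings


if __name__ == "__main__":
    for finding in audit_webmap(SAMPLE_WEBMAP):
        print(f"{finding['layer']} ({finding['url']}): {', '.join(finding['pii_fields'])}")
```

The audit reports what the viewer displays, which is the smaller problem: a field that the popup hides (AdressePostale has visible=false in the sample) is still served by the FeatureServer to anyone who can query it, so the finding for a layer should be read as "review what the service itself returns", not only the popup.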

When we query the feature service directly, however, we are blocked with a 403 Forbidden response:

{"error":{"code":403,"messageCode":"GWM_0003","message":"You do not have permissions to access this resource or perform this operation.","details":[]}}

However, since the same query works inside the web map (at https://rimouski.maps.arcgis.com/apps/webappviewer/index.html?id=1b3866ae746c48b6895c38993ba499db), we can readily deduce that the access control is based on the Referer header.
So if we cram a Referer HTTP header into the request:

Referer: https://rimouski.maps.arcgis.com/apps/webappviewer/index.html?id=1b3866ae746c48b6895c38993ba499db

we get a response from the server:

(...)
{
  "attributes": {
    "OBJECTID": 425387,
    "geodb_oid": 1,
    "Matricule": "2063376974",
    "SupTotale": "5 965,3",
    "Frontage": "0",
    "Profondeur": "86,04",
    "MAT_Complet": "2063-37-6974-0-000-0000",
    "Utilisation": "9100",
    "Proprietaire": "XXXXXXXXXXXXXXXXXXXXXX",
    "CoProp": null,
    "NbEtage": 0,
    "AnConst": "",
    "NbLogement": 0,
    "ValTerrain": 19500,
    "ValBatiment": 0,
    "ValImmeuble": 19500,
    "Lot": "2894896",
    "UniVoisi": "5100",
    "AdrPostale": "xxxx BOULEVARD SAINT-GERMAIN",
    "AireBat": 0,
    "NoCiv": "0",
    "Generique": "BOULEVARD",
    "Lien": "",
    "Voie": "SAINT-GERMAIN",
    "Adresse_conca": "0 BOULEVARD SAINT-GERMAIN",
    "Adresse_alt1": "0, BOULEVARD SAINT-GERMAIN",
    "Adresse_alt2": "0 SAINT-GERMAIN",
    "Adresse_UEV": "0, Saint-Germain (Boulevard)",
    "NB_LOT": 1,
    "Ville": "RIMOUSKI QC",
    "CONDOS": "0",
    "CreationDate": 1613587678543,
    "Creator": "Geo_Rimouski",
    "EditDate": 1613587678543,
(...)

The notable fields are the owner's name and mailing address (XXX'd out here). This is where things get problematic: the web application makes it impossible to find where someone lives by forcing a search by address, so that confirming an owner requires a priori knowledge of the address. With direct access to the data, however, this constraint can be bypassed to search by name, which yields the home address of any home owner in the city: a massive breach of privacy. This is highly problematic for numerous people: police officers, prosecutors, judges, victims of domestic violence or stalking, etc. All this by cramming an HTTP Referer header into the request...
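The lesson for whoever operates such a service is that a Referer check is not an access control, since the header is chosen by the client, and that the protection has to live in the policy applied to the query itself: what may be searched on, and which fields may come back. The code below is an added example (hypothetical policy, not an ArcGIS feature and not the city's fix) that contrasts the page's Referer gate with a query policy expressed in terms of the field names from the popup configuration above; the field sets, the SQL keyword list and the sample queries are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlencode

# Hypothetical server-side policy for a public assessment-roll feature service.
# The field names come from the popup configuration; which ones count as
# personal, searchable or public is an assumption of this example.
PERSONAL_FIELDS = {"Proprietaire", "CoProprietaire", "AdressePostale", "VilleProprietaire"}
SEARCH_KEYS = {"NUMEROMATRICULE", "MAT_Complet", "NOLOT", "Lot", "NoCivique", "Voie",
               "Adresse_conca", "Adresse_alt1", "Adresse_alt2", "Adresse_UEV"}
PUBLIC_FIELDS = SEARCH_KEYS | {"Utilisation", "UniteVoisinage", "SUPERFICIE", "NbEtage",
                               "AnneeConstruction", "NbLogement", "AireBatiment",
                               "ValeurTerrain", "ValeurBatiment", "ValeurImmeuble"}
SQL_WORDS = {"AND", "OR", "NOT", "LIKE", "IN", "IS", "NULL", "UPPER", "LOWER"}
_PERSONAL, _SEARCH, _PUBLIC = ({f.upper() for f in s}
                               for s in (PERSONAL_FIELDS, SEARCH_KEYS, PUBLIC_FIELDS))
_LITERAL = r"'(?:[^']|'')*'"   # SQL string literal, '' being an escaped quote


def referer_gate(headers: dict) -> bool:
    """The control described above: trust a client-supplied Referer header.
    Any HTTP client can send whatever value it likes, so a match proves nothing
    about where the request came from."""
    return headers.get("Referer", "").startswith("https://rimouski.maps.arcgis.com/")


def policy_check(query_string: str) -> tuple[bool, str, list[str]]:
    """Decide whether a FeatureServer-style query may run and which fields it may
    return, as (allowed, reason, out_fields). The rules encode the viewer's intended
    use (look up one property by address, lot or roll number): no bulk dumps,
    no wildcard-only terms, no OR, no search on a personal field, and personal
    fields are never returned whatever outFields asks for."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    where = params.get("where", "").strip()
    if not where or re.fullmatch(r"1\s*=\s*1", where):
        return False, "unrestricted where clause", []
    literals = re.findall(r"'((?:[^']|'')*)'", where)
    if not literals or any(lit.strip("%_ ") == "" for lit in literals):
        return False, "search term missing or wildcard-only", []
    # Blank out string literals so a name inside one is not mistaken for a field.
    tokens = {t.upper() for t in re.findall(r"[A-Za-z_]\w*", re.sub(_LITERAL, "''", where))}
    if "OR" in tokens:
        return False, "OR not permitted", []
    idents = tokens - SQL_WORDS
    if idents & _PERSONAL:
        return False, "search by personal field", []
    if not idents & _SEARCH:
        return False, "where clause must filter on a search key", []
    if not idents <= _PUBLIC:
        return False, "unknown field in where clause", []
    requested = [f.strip() for f in params.get("outFields", "*").split(",") if f.strip()]
    out = sorted(PUBLIC_FIELDS) if requested == ["*"] else \
        [f for f in requested if f.upper() in _PUBLIC]
    return True, "ok", out


# Constructed sample queries in the form the viewer's Search widget sends.
SAMPLE_QUERIES = {
    "by_address": urlencode({"where": "Adresse_alt1 LIKE '%SAINT-GERMAIN%'", "outFields": "*", "f": "json"}),
    "by_name": urlencode({"where": "Proprietaire LIKE '%TREMBLAY%'", "outFields": "*", "f": "json"}),
    "dump_all": urlencode({"where": "1=1", "outFields": "Proprietaire,AdressePostale", "f": "json"}),
    "wildcard": urlencode({"where": "Adresse_alt1 LIKE '%'", "outFields": "*", "f": "json"}),
}

if __name__ == "__main__":
    for name, qs in SAMPLE_QUERIES.items():
        allowed, reason, out = policy_check(qs)
        print(f"{name:11} allowed={allowed!s:5} {reason}" + (f" -> {len(out)} fields" if allowed else ""))
```

Note that the policy cannot stop a patient client from enumerating addresses with many narrow queries; what it guarantees is that no query, however it is phrased, ever returns the owner fields or lets them be searched on, which is the same effect the city obtained by removing the names from the service.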

Reporting the flaw

As most vulnerability researchers know, it's usually pointless to notify an administration that the precious system they paid so much for has cybersecurity issues. But since I don't want to be the guy that saw something and said nothing, I (almost) always try to make a (small) effort to reach out to the concerned folks. It is worth noting that since my last reports to the "old administration" of the city's IT services, a new director has been appointed and we had yet to communicate. While my previous interactions with their IT direction left much to be desired, I was pleasantly surprised by their response. Within 48h, the issue was reported as patched, and search by name was made impossible. Well done, Mr New IT Director Cassista, I hope our relationship will be one of mutual understanding and respect when it comes to managing the citizens' data! While the scene usually makes it a point of honor to shit on bad vendors and providers for being unresponsive and irresponsible pieces of work, I believe it's good to highlight responsible practices and responses such as this one:

Cheers

PS: At the time of publication, names were removed to avoid the search-by-name feature's breach of privacy. Because you know, responsible disclosure and shit.
