Information disclosure
Fuzzing
- Add payload positions to parameters and use pre-built wordlists of fuzz strings to test a high volume of different inputs in quick succession.
- Use grep matching rules to quickly identify occurrences of keywords, such as error, invalid, SELECT, SQL, and so on.
Common sources of information disclosure
- Files for web crawlers
  - /robots.txt
  - /sitemap.xml
- Developer comments
- Error messages
  - These can reveal the technologies (and versions) in use, which can then be matched against documented exploits
  - Check whether there are any configuration errors or dangerous default settings that you may be able to exploit
- Debugging data
  - Debugging information may sometimes be logged in a separate file
- User account pages
  - Example: via IDOR
- Source code disclosure via backup files
  - Text editors often generate temporary backup files while the original file is being edited
  - appending a tilde (~) to the filename: /upload/code.php~, /upload/~code.php
  - adding a different file extension
- Information disclosure due to insecure configuration
  - Example: HTTP TRACE. This can sometimes lead to disclosing information, like internal authentication headers added by reverse proxies.
- Version control history
  - Browsing to /.git
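Added example (not part of these notes): a small Python access-log checker that flags requests for the artifacts listed above (backup files such as code.php~ or ~code.php, the TRACE method, and /.git) and separates requests the server actually answered with 2xx from ones it rejected, so a defender can tell a real leak from a mere probe. The log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed combined-format access-log lines (sample data, not from the notes).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /upload/code.php~ HTTP/1.1" 200 1432 "-" "curl/8.1"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /upload/code.php.bak HTTP/1.1" 404 153 "-" "curl/8.1"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "TRACE / HTTP/1.1" 405 0 "-" "curl/8.1"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/8.1"
198.51.100.2 - - [10/Oct/2023:13:56:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# ip, method, path and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Editor/backup leftovers: trailing tilde, leading tilde on the basename, or a backup extension.
BACKUP_RE = re.compile(r'(~$|/~[^/]+$|\.(?:bak|old|orig|swp|save|tmp)$)', re.I)


def classify(method, path):
    """Return the disclosure category a request matches, or None if it looks ordinary."""
    if method.upper() == "TRACE":
        return "http-trace"
    if path == "/.git" or path.startswith("/.git/"):
        return "vcs-history"
    if BACKUP_RE.search(path):
        return "backup-file"
    return None


def scan_log(text):
    """Return {category: [(ip, path, status), ...]} for every matching request."""
    findings = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line, skip it
        cat = classify(m["method"], m["path"])
        if cat:
            findings[cat].append((m["ip"], m["path"], int(m["status"])))
    return dict(findings)


def served_disclosures(findings):
    """Only the hits the server answered with 2xx: those are the actual leaks to fix."""
    return sorted((cat, ip, path)
                  for cat, hits in findings.items()
                  for ip, path, status in hits if 200 <= status < 300)


if __name__ == "__main__":
    for cat, ip, path in served_disclosures(scan_log(SAMPLE_LOG)):
        print(f"{cat}: {ip} fetched {path}")
```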