This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Full Path Disclosure"

From OWASP
Jump to: navigation, search
(Examples)
(Examples)
Line 11: Line 11:
  
 
==Examples==
 
==Examples==
'''Empty Array
+
'''Empty Array'''
'''
 
 
If we have a site that uses a method of requesting a page like this:
 
If we have a site that uses a method of requesting a page like this:
 
<pre>http://site.com/index.php?page=about</pre>
 
<pre>http://site.com/index.php?page=about</pre>
Line 18: Line 17:
 
<pre>http://site.com/index.php?page[]=about</pre>
 
<pre>http://site.com/index.php?page[]=about</pre>
 
This renders the page defunct thus spitting out an error:
 
This renders the page defunct thus spitting out an error:
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84
+
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131
+
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131</pre>
 +
 
 +
'''Null Session Cookie'''

Revision as of 08:28, 24 December 2007


Overview

Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view.

Severity

Low to Medium (circumstantial)

Exploit Likely-Hood

Extremely High

Examples

Empty Array If we have a site that uses a method of requesting a page like this:

http://site.com/index.php?page=about

We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:

http://site.com/index.php?page[]=about

This renders the page defunct thus spitting out an error:

Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131

Null Session Cookie