This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Full Path Disclosure"
| Line 38: | Line 38: | ||
==Related [[Threat Agents]]== | ==Related [[Threat Agents]]== | ||
| − | |||
* [[internal software developer]] | * [[internal software developer]] | ||
==Related [[Attacks]]== | ==Related [[Attacks]]== | ||
| − | + | * [[SQL Injection]] | |
| − | *[[SQL Injection]] | + | * [[Relative Path Traversal]] |
| − | *[[Relative Path Traversal]] | ||
==Related [[Vulnerabilities]]== | ==Related [[Vulnerabilities]]== | ||
| − | |||
* None | * None | ||
==Related [[Controls]]== | ==Related [[Controls]]== | ||
| − | + | * This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors. | |
| − | This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors. | ||
<pre>error_reporting(0);</pre> | <pre>error_reporting(0);</pre> | ||
| − | |||
==References== | ==References== | ||
| − | |||
* http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm | * http://www.acunetix.com/vulnerabilities/Full-path-disclosure.htm | ||
| − | + | * [http://www.enigmagroup.org/ Articled summarised from Full Path Disclosure article by haZed on EnigmaGroup.org.] | |
| − | *[http://www.enigmagroup.org/ Articled summarised from Full Path Disclosure article by haZed on EnigmaGroup.org.] | + | * [http://www.enigmagroup.org/pages/view_articles/artID/175/ Original article location (registration required).] |
| − | |||
| − | *[http://www.enigmagroup.org/pages/view_articles/artID/175/ Original article location (registration required).] | ||
[[Category:Injection]] | [[Category:Injection]] | ||
[[Category:Attack]] | [[Category:Attack]] | ||
__NOTOC__ | __NOTOC__ | ||
Revision as of 01:24, 14 September 2008
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision: 09/14/2008
ASDR Table of Contents
Description
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within an SQL injection) query to view the page source, require the attacker to have the full path to the file they wish to view.
Risk Factors
TBD
Examples
- Empty Array
If we have a site that uses a method of requesting a page like this:
http://site.com/index.php?page=about
We can use a method of opening and closing braces that causes the page to output an error. This method would look like this:
http://site.com/index.php?page[]=about
This renders the page defunct thus spitting out an error:
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84 Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131
- Null Session Cookie
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections. A simple injection using this method would look something like so:
javascript:void(document.cookie="PHPSESSID=");
By simply setting the PHPSESSID cookie to nothing (null) we get an error.
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2
Related Threat Agents
Related Attacks
Related Vulnerabilities
- None
Related Controls
- This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors.
error_reporting(0);
