Help file
- PCI 3.2-6.5.1
- CWE 200
- CAPEC 152
- OWASP 2017-A6
- WASC 33
- CWE 425
- WASC 34
Exposed Help Files occur when application help documentation, manuals, or instructional files are publicly accessible without proper access control. While help files are intended to assist users, they may inadvertently contain sensitive information such as internal URLs, system architecture details, sample credentials, or configuration instructions. Attackers can use this information to map the application, identify potential vulnerabilities, and facilitate targeted attacks such as file inclusion, misconfiguration exploitation, or privilege escalation.
Common patterns leading to help file exposure:
- Deploying documentation, guides, or PDF/HTML help files to web-accessible directories.
- Including internal URLs, system paths, or sample configuration data in help content.
- Lack of authentication or access control for help resources intended for internal use.
- Backup copies of help files accessible in web root or development directories.
Impacts:
- Information Disclosure: Sensitive system, configuration, or application details can be exposed.
- Facilitates Reconnaissance: Attackers gain insight into application structure and functionality.
- Increased Attack Surface: Knowledge from help files can be used to identify vulnerable endpoints or misconfigurations.
- Compliance Violations: Exposure of internal information may breach regulatory requirements.
Detection indicators:
- Help files (e.g.,
.html,.pdf,.chm) accessible from public URLs. - Documentation containing sensitive URLs, file paths, or credentials.
- Security scanners flagging help files in publicly accessible directories.
Remediation
Mitigation focuses on restricting access and sanitizing content:
Restrict Access to Help Files
Place internal help files behind authentication and authorization controls.Sanitize Help Content
Remove sensitive information, internal URLs, credentials, or configuration examples from publicly accessible files.Move Documentation Out of Web Root
Keep help files in directories not served publicly or restrict via web server rules.Monitor and Audit Access
Log access to help resources to detect unauthorized access attempts.Use Encrypted Channels
Serve documentation over HTTPS to prevent interception.Review Deployment Pipelines
Ensure that help files deployed to production are verified for sensitive content.Security Testing
Include checks for exposed documentation and help files during penetration tests.
References
Search Vulnerability
You may also see
- Readable .htaccess file
- apc.php page
- Webalizer script
- phpinfo page
- Apache perl-status Enabled
- Apache server-info Enabled
- Apache server-status Enabled
- JetBrains .idea project directory
- AWStats script
- elmah.axd Detected
- Core dump checker PHP script
- trace.axd Detected
- .DS_Store file
- Macromedia Dreamweaver database scripts
- Help file
- robots.txt Detected
- Sitemap Detected
- crossdomain.xml Detected
- Silverlight Client Access Policy
- Laravel log file
- Code Repository
- Configuration File
- Administration page
- Predictable Resource Location
- Code Repository
- Configuration File
- Administration page