Internal Path
- CAPEC 118
- CWE 200
- WASC 13
Internal Path Disclosure occurs when a web application reveals full file system paths or directory structures in error messages, debug output, or HTML content. This information often includes server paths, module locations, or framework directories. Attackers can use this knowledge to craft targeted attacks such as Local File Inclusion, Remote File Inclusion, or path traversal, and it can also aid in reconnaissance and privilege escalation attempts.
Common patterns leading to internal path disclosure:
- Verbose error messages showing full server paths (e.g., /var/www/html/index.php).
- Stack traces revealing file locations in responses.
- Debug or development mode enabled in production, exposing internal directories.
- Comments or source code containing internal paths.
- Misconfigured server rules serving internal files publicly.
Impacts:
- Facilitates Targeted Attacks: Knowledge of internal paths aids file inclusion, path traversal, and other exploits.
- Information Disclosure: Reveals server structure and framework organization.
- Increased Attack Surface: Detailed path information can help attackers locate sensitive files or misconfigurations.
- Reconnaissance Aid: Attackers can map the server filesystem for further exploitation.
Detection indicators:
- Error pages displaying full filesystem paths.
- Source code or comments showing internal directory structures.
- Security scanners detecting path exposure.
Remediation
Mitigation focuses on error handling, content sanitization, and secure deployment:
- Disable Verbose Error Messages: Show generic error messages to users while logging detailed information internally.
- Sanitize Output: Remove filesystem paths from HTML, error messages, and debug output.
- Disable Debug/Development Modes in Production: Ensure frameworks do not expose stack traces or internal paths in live environments.
- Review and Remove Comments: Avoid leaving internal paths in code comments or documentation visible publicly.
- Monitor and Audit Logs: Track access to pages generating internal path information.
- Secure Deployment Practices: Ensure that internal directories and files are not exposed via web server configuration.
- Security Testing: Include checks for internal path disclosure during penetration testing and automated scans.
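The following Python sketch is an added example, not part of the original page. It detects filesystem paths in response bodies and applies the first two remediation steps: generic error messages with internal logging, and output sanitization. The regular expressions, function names, and sample responses are constructed assumptions.

```python
import logging
import re
import uuid

log = logging.getLogger("app.errors")

# Assumed patterns (not from the original page): common Unix roots and
# Windows drive-letter paths. The lookbehinds skip URL path segments.
UNIX_PATH = re.compile(r"(?<![\w.:/])/(?:var|home|usr|opt|srv|etc|tmp)(?:/[\w.\-]+)+")
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\(?:[\w.\- ]+\\)*[\w.\-]+")

def find_internal_paths(body):
    """Return filesystem paths found in a response body, in order of appearance."""
    hits = [(m.start(), m.group()) for rx in (UNIX_PATH, WIN_PATH) for m in rx.finditer(body)]
    return [path for _, path in sorted(hits)]

def harden_response(status, body):
    """Return a (status, body) pair that is safe to send to the client."""
    if status >= 500:
        # Generic message for the user; full detail goes to the internal log only.
        ref = uuid.uuid4().hex[:8]
        log.error("ref=%s status=%d detail=%r", ref, status, body)
        return status, f"An internal error occurred. Reference: {ref}"
    paths = find_internal_paths(body)
    if paths:
        # Non-error page leaking a path (comment, debug output): redact and audit.
        log.warning("path disclosure in %d response: %s", status, paths)
        body = WIN_PATH.sub("[redacted]", UNIX_PATH.sub("[redacted]", body))
    return status, body

# Constructed sample responses for illustration.
SAMPLES = [
    (500, "Warning: include(/var/www/html/inc/db.php): failed to open stream "
          "in /var/www/html/index.php on line 12"),
    (200, "<!-- template: C:\\inetpub\\wwwroot\\shop\\views\\cart.cshtml --><p>Cart</p>"),
    (200, '<a href="https://example.com/var/docs/guide.html">Guide</a>'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(find_internal_paths(body), "->", harden_response(status, body))
```

The third sample shows that a URL containing `/var/` is not flagged; tune the root list to the directories your deployment actually uses.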