Internal Path (Windows)
- CAPEC 118
- CWE 200
- WASC 13
Path disclosure lets an attacker see the full path to the webroot or to a file, e.g. /home/omg/htdocs/file/. Certain attacks, such as using load_file() in a SQL injection query to view a page's source, require the attacker to have the full path to the file they wish to view.
Path disclosure carries several risks.
Attackers may use the path in combination with file inclusion vulnerabilities (see PHP File Inclusion) to steal files of the web application.
The file paths can also reveal the underlying operating system. Windows paths, for instance, always start with a drive letter, e.g. C:, while paths on Unix-based operating systems tend to start with a single forward slash.
*NIX:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/alice/public_html/includes/functions.php on line 2
Windows:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\Users\bob\public_html\includes\functions.php on line 2
The two examples above also reveal usernames on the operating systems: alice and bob. Usernames are of course an important part of credentials. Attackers can use them in many different ways, ranging from brute-forcing over various protocols (SSH, Telnet, RDP, FTP...) to launching exploits that require working usernames.
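To catch this leak before it reaches users, response bodies can be scanned for absolute filesystem paths. The check below is an added example, not part of the original page: the regular expressions, the list of Unix root directories and the function name find_path_leaks are assumptions of this example, and it reports the operating system, the path and any account name the path exposes.

```python
import re

# Heuristic patterns (assumptions of this example; tune them per environment).
# Windows: drive letter, colon, then backslash-separated components without spaces.
WIN_PATH = re.compile(r'\b[A-Za-z]:\\(?:[^\\/:*?"<>|\s]+\\)*[^\\/:*?"<>|\s]+')
# Unix: absolute path under a few common roots, not preceded by URL characters.
NIX_PATH = re.compile(r'(?<![\w.:/])/(?:home|var|srv|usr|opt)/[\w.\-/]+')
# Account names appear in per-user directories.
WIN_USER = re.compile(r'^[A-Za-z]:\\Users\\([^\\]+)\\', re.IGNORECASE)
NIX_USER = re.compile(r'^/home/([^/]+)/')

RULES = [("windows", WIN_PATH, WIN_USER), ("unix", NIX_PATH, NIX_USER)]


def find_path_leaks(body):
    """Return one finding per internal filesystem path seen in a response body."""
    findings = []
    for os_name, path_re, user_re in RULES:
        for match in path_re.finditer(body):
            path = match.group(0).rstrip(".,;)")  # drop trailing sentence punctuation
            user = user_re.match(path)
            findings.append({
                "os": os_name,
                "path": path,
                "user": user.group(1) if user else None,  # exposed account name, if any
            })
    return findings


# The two warnings quoted on this page, plus a constructed clean response.
NIX_SAMPLE = ("Warning: session_start() [function.session-start]: The session id "
              "contains illegal characters, valid characters are a-z, A-Z, 0-9 and "
              "'-,' in /home/alice/public_html/includes/functions.php on line 2")
WIN_SAMPLE = ("Warning: session_start() [function.session-start]: The session id "
              "contains illegal characters, valid characters are a-z, A-Z, 0-9 and "
              r"'-,' in C:\Users\bob\public_html\includes\functions.php on line 2")
CLEAN_SAMPLE = '<html><body><a href="https://example.com/home/">Home</a></body></html>'

if __name__ == "__main__":
    for sample in (NIX_SAMPLE, WIN_SAMPLE, CLEAN_SAMPLE):
        print(find_path_leaks(sample))
```

Run over captured responses in a test suite or a response filter, any non-empty result means the application is returning raw error output and should be switched to logging errors server-side instead of displaying them.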