## Common Sources of Information Disclosure

Common Sources of Information Disclosure

- File for Web Crawlers
	/robots.txt
	/sitemap.xml

- Directory Listings

- Developer Comments

- Error Messages
	Pay attention to any verbose error messages
		§ Template Engine
		§ Database Type
		§ Server being used
		§ Versions
	- Use this to search for documented exploits
	- If open-source, you can study the actual code being used

- Debugging Data
	- Look for the following:
		§ Values for key session variables
		§ Hostnames of creds for back-end components
		§ File and directory names on the server
		§ Keys used to encrypt data

- User Account Pages

- Source Code Disclosure via Backup Files
	- Often include API keys or creds for back-end components

- Version Control History
	- Exposed /.git directories
	- Load on personal machine and browse through it