900 B
900 B
Common Sources of Information Disclosure
Common Sources of Information Disclosure
-
File for Web Crawlers /robots.txt /sitemap.xml
-
Directory Listings
-
Developer Comments
-
Error Messages Pay attention to any verbose error messages § Template Engine § Database Type § Server being used § Versions
- Use this to search for documented exploits
- If open-source, you can study the actual code being used
-
Debugging Data
- Look for the following: § Values for key session variables § Hostnames of creds for back-end components § File and directory names on the server § Keys used to encrypt data
-
User Account Pages
-
Source Code Disclosure via Backup Files
- Often include API keys or creds for back-end components
-
Version Control History
- Exposed /.git directories
- Load on personal machine and browse through it