Full Path Disclosure vulnerability

OWASP 2013-A5 OWASP 2017-A6 CAPEC-126 WSTG-INFO-09 WASC-13

A Full Path Disclosure (FPD) vulnerability allows an attacker to see the full path to the webroot or to a file on the server, e.g. /home/name/htdocs/file/. Attackers use FPD to support other attacks: some functions used in attacks, such as load_file(), require the attacker to specify the whole path of the file. Many servers are vulnerable to FPD. An attacker can combine FPD with a file inclusion attack to plant malicious files and to get access to sensitive files such as the application’s configuration file, the server configuration file and many more. The attacker can exploit this vulnerability by using a null session and an empty array.

Example

Consider the following link, which requests a page.

http://example.beaglesecurity.com/index.php?page=about

The attacker can append ‘[]’ to the page parameter to produce an error such as the following.

        Warning: opendir(Array): failed to open dir: No such file or directory in /home/beagle/htdocs/index.php on line 84
        Warning: pg_num_rows(): supplied argument ... in /usr/home/beagle/html/pie/index.php on line 131

    

The above warning reveals the path of the application.

Impact

Using this vulnerability, an attacker can:

  • leak the source code of the application using the file_get_contents() function.
  • leak the config.php file.
  • use this vulnerability to perform a SQL injection attack and many more attacks.

Mitigation / Precaution

Beagle recommends the following:

  • Try not to reveal any errors on the webpage. An attacker can use the information in an error message to perform an FPD attack. Make sure error reporting is turned off so that the application won’t display errors.
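
The mitigation above, as an added example that is not code from the original page or from Beagle: a hypothetical index.php for PHP 8 that rejects the array form of the page parameter, resolves it against an allow-list, and sends diagnostics to the error log instead of the response. The page names, the pages/ directory and resolve_page() are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical index.php handler (assumes PHP 8.0+).

// Keep diagnostics out of the HTTP response but available to operators.
// The same settings belong in php.ini: display_errors = Off, log_errors = On.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

// Assumed allow-list of page names (constructed for this example).
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Map the ?page= value to a template path, or null if it is not acceptable.
 */
function resolve_page(mixed $raw): ?string
{
    // ?page[]=x arrives as an array. Passing it on to opendir() is what
    // produced "opendir(Array)" in the warning shown above, so reject
    // anything that is not a plain string before it reaches the filesystem.
    if (!is_string($raw)) {
        return null;
    }
    // Strict comparison against known names: no user input in the path.
    if (!in_array($raw, ALLOWED_PAGES, true)) {
        return null;
    }
    return __DIR__ . '/pages/' . $raw . '.php';
}

// Last-resort handler: an uncaught exception (PHP 8 raises TypeError for
// wrong argument types) is logged with its path; the client sees none of it.
set_exception_handler(function (Throwable $e): void {
    error_log($e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    echo 'Internal error';
});

$template = resolve_page($_GET['page'] ?? 'home');
if ($template === null || !is_file($template)) {
    http_response_code(404);
    echo 'Page not found';   // generic body, no filesystem detail
    exit;
}
require $template;
```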
