Common Sources of Information Disclosure

  • Files for Web Crawlers

    • /robots.txt
    • /sitemap.xml

  • Directory Listings

  • Developer Comments

  • Error Messages

    • Pay attention to any verbose error messages:
      • Template Engine
      • Database Type
      • Server being used
      • Versions
    • Use this to search for documented exploits
    • If open-source, you can study the actual code being used
  • Debugging Data

    • Look for the following:
      • Values for key session variables
      • Hostnames and creds for back-end components
      • File and directory names on the server
      • Keys used to encrypt data
  • User Account Pages

  • Source Code Disclosure via Backup Files

    • Often include API keys or creds for back-end components
  • Version Control History

    • Exposed /.git directories
    • Load on personal machine and browse through it
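
A defender-side check for the sources listed above, as an added example that is not part of the original notes: it audits responses captured from your own application for each category. The rule patterns, function names and sample responses are constructed assumptions.

```python
import re

# Illustrative patterns (assumptions), one group per source in the list above.
BODY_RULES = [
    ("directory listing", re.compile(r"<title>Index of /", re.I)),
    ("verbose error", re.compile(r"Traceback \(most recent call last\)|SQLSTATE\[|ORA-\d{5}")),
    ("debugging data", re.compile(r"\b(session_key|secret_key|db_password)\b\s*[=:]", re.I)),
]
PATH_RULES = [  # files that should not be served from a production web root
    ("version control history", re.compile(r"(^|/)\.git(/|$)")),
    ("backup file", re.compile(r"(\.bak|\.old|\.orig|\.swp|~)$", re.I)),
]
COMMENT = re.compile(r"<!--(.*?)-->", re.S)
COMMENT_KEYWORDS = re.compile(r"todo|fixme|password|debug|internal", re.I)
VERSION_BANNER = re.compile(r"^[\w.-]+/\d+(\.\d+)+")  # e.g. "Name/1.2.3"

def audit_response(path, status, headers, body):
    """Return the disclosure categories one response from your own app exposes."""
    findings = set()
    if status == 200:  # the sensitive path was actually served
        findings.update(c for c, p in PATH_RULES if p.search(path))
    findings.update(c for c, p in BODY_RULES if p.search(body))
    if any(COMMENT_KEYWORDS.search(c) for c in COMMENT.findall(body)):
        findings.add("developer comment")
    if any(VERSION_BANNER.match(headers.get(h, "")) for h in ("Server", "X-Powered-By")):
        findings.add("version banner")
    return sorted(findings)

# Constructed sample responses (path, status, headers, body); not real traffic.
SAMPLES = [
    ("/uploads/", 200, {"Server": "nginx"}, "<title>Index of /uploads/</title>"),
    ("/product/42", 500, {"Server": "ExampleServer/1.2.3"},
     "SQLSTATE[42000]: Syntax error or access violation"),
    ("/.git/config", 200, {}, "[core]\n\trepositoryformatversion = 0\n"),
    ("/index.php~", 200, {}, "<?php echo 'hello'; ?>"),
    ("/", 200, {}, "<!-- TODO: remove old admin link --><body>ok</body>"),
    ("/debug", 200, {}, "session_key = constructed-value"),
    ("/about", 200, {"Server": "nginx"}, "<!-- nav --><body>About</body>"),
]

def audit_all(samples=SAMPLES):
    """Map each sampled path to its findings, skipping clean responses."""
    results = {s[0]: audit_response(*s) for s in samples}
    return {path: found for path, found in results.items() if found}

if __name__ == "__main__":
    for path, found in audit_all().items():
        print(f"{path}: {', '.join(found)}")
```

Run it in CI against responses from a staging deployment and fail the build on any finding; an empty report means none of these rules fired, not that nothing is disclosed.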