Disclosure of Sensitive Files

A sensitive file exposure vulnerability happens when files that aren’t supposed to be publicly available are accessible via your web server.

There are 3 main categories:

1) Configuration files

2) Log files

3) Test and backup files

Configuration Files

These are files that tell the website software how to function. ‘wp-config.php’ is one example of a configuration file. With data from these files, including the database credentials, attackers can compromise your site.

Log Files

These files contain events recorded by software on the web server. Site owners often use this information for troubleshooting. Such files usually store information that attackers can use for malicious purposes.

Test and Backup Files

Sometimes test and backup files are left lying around on a web server. In many cases, test and backup files include sensitive data an attacker might use to exploit vulnerabilities in your website. So, having these files publicly available on a web server is very dangerous.

How to Find Sensitive Files

Let’s say we have a website at www.example.com. First, the attacker goes to www.example.com/robots.txt and reads the content of the robots.txt file. As you know, robots.txt is a file that contains instructions for web crawlers, and it is publicly available. In some cases, robots.txt contains information about the location of sensitive data, and since it is publicly available, attackers can use it. Now suppose a website’s robots.txt contains the URL of a place where configuration files are kept. Following that path, the attacker reaches the directory that holds the configuration files. There the attacker spots two files: application-config.php and database.config. The attacker has found configuration files, which are sensitive data.

How to Read the Content of Sensitive Files

Suppose, as in the previous example, the attacker finds 2 sensitive files (application-config.php and database.config) in the configuration file directory. Since the first file has the php extension, it will be processed by the PHP handler, and the attacker will not be able to read this file. The other file has the config extension, which is a non-standard extension, so the default handler will process it. The handler returns the config file’s content, and the attacker can read it and get access to sensitive data. This shows how severe the consequences of processing a file with a non-standard extension can be.
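A site owner can check their own web root for this condition. The following audit script is an added example, not part of the original article: it lists sensitive-looking files whose extension is not mapped to a script handler and marks those whose directory is revealed by robots.txt. The handler set, the name hints and all function names are assumptions made for illustration, and the sample web root is constructed from the article's example.

```python
import os
import tempfile

# Assumption: only these extensions reach a script handler; the rest is served raw.
HANDLED_EXTS = {".php"}
# Constructed name hints for the three categories the article lists.
HINTS = {
    "configuration": ("config", ".conf", ".ini", ".env"),
    "log": (".log",),
    "test/backup": (".bak", ".old", ".sql", "backup", "test"),
}


def classify(name):
    """Return the article's category for a file name, or None."""
    for category, hints in HINTS.items():
        if any(h in name.lower() for h in hints):
            return category
    return None


def robots_disallowed(text):
    """Path prefixes that robots.txt reveals to anyone who reads it."""
    rules = (line.split("#", 1)[0].partition(":") for line in text.splitlines())
    return [v.strip() for f, _, v in rules
            if f.strip().lower() == "disallow" and v.strip()]


def audit_webroot(root, robots_text=""):
    """Sensitive-looking files served raw: (url_path, category, in_robots)."""
    listed = robots_disallowed(robots_text)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category and os.path.splitext(name)[1].lower() not in HANDLED_EXTS:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                url = "/" + rel.replace(os.sep, "/")
                findings.append((url, category, any(url.startswith(p) for p in listed)))
    return sorted(findings)


def demo():
    """Constructed web root mirroring the article's example."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "configuration-files"))
        for name in ("application-config.php", "database.config"):
            open(os.path.join(root, "configuration-files", name), "w").close()
        robots = "User-agent: *\nDisallow: /configuration-files/\n"
        return audit_webroot(root, robots)
```

Every path the audit reports should be moved outside the web root or blocked in the server configuration, and the matching entry removed from robots.txt once the file is gone.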