Web-applications-attacks/Path-disclosure
Description
Path disclosure is not really an attack in itself, but the leaked information supports information gathering and can lead to LFI and brute-force attacks.
Example
Suppose that you discover "/home/diedla/" in the source code of a web page. The likelihood that the server has a user named "diedla" is relatively high, and an attacker could use this information to try a brute-force attack.
Protection
- Avoid including paths that provide sensitive data about your architecture
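
One way to check your own pages for disclosed paths before they are published, as an added example that is not part of the original page. It goes beyond the "/home/diedla/" case to cover common server roots and Windows paths; the patterns, function names and sample HTML are assumptions constructed for illustration.

```python
import re

# Assumed patterns for absolute filesystem paths; extend for your environment.
# Each pattern has at most one group, which captures an account name.
# Root-relative links such as href="/home/about" also match, so review hits.
PATH_PATTERNS = [
    ("unix-home", re.compile(
        r"(?<![\w.:/-])/(?:home|Users)/([A-Za-z0-9._-]+)(?:/[^\s\"'<>)]*)?")),
    ("unix-system", re.compile(
        r"(?<![\w.:/-])/(?:var/www|srv|opt|etc|usr/local)(?![\w.-])(?:/[^\s\"'<>)]*)?")),
    ("windows", re.compile(
        r"(?<![A-Za-z])[A-Za-z]:\\(?:Users\\([^\\\s\"'<>)]+))?[^\s\"'<>)]*")),
]

# Constructed sample page source (not taken from a real site).
SAMPLE_HTML = r"""<html>
<!-- generated from /home/diedla/public_html/index.php -->
<body>
<a href="https://example.com/home/about">About</a>
<p>Warning: include(C:\Users\bob\site\inc.php) failed</p>
<p>Config loaded from /var/www/app/config.ini</p>
</body>
</html>"""


def find_disclosed_paths(text):
    """Return (line_number, kind, path, account_or_None) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATH_PATTERNS:
            for m in pattern.finditer(line):
                account = m.group(1) if pattern.groups else None
                findings.append((lineno, kind, m.group(0), account))
    return findings


def leaked_accounts(findings):
    """Account names exposed through home-directory paths."""
    return sorted({f[3] for f in findings if f[3]})


if __name__ == "__main__":
    hits = find_disclosed_paths(SAMPLE_HTML)
    for lineno, kind, path, account in hits:
        print(f"line {lineno}: [{kind}] {path} account={account}")
    print("accounts exposed:", leaked_accounts(hits))
```

Run it over rendered responses and error pages as well as templates, since paths often appear only in generated output such as error messages.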