File Disclosure

Risk type: HIGH


A file disclosure vulnerability allows an attacker to retrieve arbitrary files from the server's file system, including files outside the web root.


Assuming "export.php" is vulnerable to file disclosure and is located in the "/www/cgi" directory, an attacker can use directory traversal ("../" sequences in the file name parameter) to retrieve the content of the Unix password file.

Recommended remediation:

  • Using a whitelist of directories from which files are allowed for download and validate requests based on that list.
  • Validate file types requested by users.
  • Index files which are allowed for download and pass only their index numbers as the URL parameter values.
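The following is an added example, not code from the original advisory, showing how the three recommendations above fit together in a download handler: a whitelisted export directory enforced with a canonical-path containment check, an extension whitelist, and an index table so the client never supplies a file name at all. The directory layout, file names and index table are constructed here for illustration.

```python
"""Hardened file download handler (added example, not from the page).

Mitigation 1: files may only come from a whitelisted directory.
Mitigation 2: only whitelisted file types may be requested.
Mitigation 3: clients pass an index number, the server picks the name.
All paths, names and contents below are constructed for the demo.
"""
import os
import tempfile
from typing import Dict, Optional

# Mitigation 2: file types users are allowed to download (constructed list).
ALLOWED_EXTENSIONS = {".csv", ".pdf", ".txt"}


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Resolve `requested` inside `base_dir`; return None if it escapes.

    realpath() collapses '..' segments and follows symlinks, so checking
    that the *resolved* path still starts with the resolved base is what
    actually enforces the directory whitelist (Mitigation 1).
    """
    base = os.path.realpath(base_dir)
    # An absolute path would make os.path.join discard `base` entirely.
    if os.path.isabs(requested):
        return None
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    # Mitigation 2: reject anything that is not an allowed file type.
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def export_by_index(index_table: Dict[int, str], base_dir: str,
                    idx: str) -> Optional[bytes]:
    """Mitigation 3: the URL parameter is only an index into a server-side
    table of downloadable files. safe_resolve() still runs on the mapped
    name as defence in depth, in case the table itself is ever mis-edited.
    """
    if not idx.isdecimal():          # isdecimal() keeps int() from raising
        return None
    name = index_table.get(int(idx))
    if name is None:
        return None
    path = safe_resolve(base_dir, name)
    if path is None:
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo() -> Dict[str, object]:
    """Build a throwaway export directory and exercise the handler."""
    root = tempfile.mkdtemp()
    export_dir = os.path.join(root, "exports")
    os.mkdir(export_dir)
    with open(os.path.join(export_dir, "report.csv"), "w") as fh:
        fh.write("id,total\n1,42\n")
    with open(os.path.join(export_dir, "settings.ini"), "w") as fh:
        fh.write("debug=0\n")                # allowed dir, disallowed type
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not for download\n")       # outside the whitelisted dir
    table = {1: "report.csv"}                # constructed index table
    return {
        "normal": safe_resolve(export_dir, "report.csv") is not None,
        "traversal": safe_resolve(export_dir, "../secret.txt"),
        "absolute": safe_resolve(export_dir, os.path.join(root, "secret.txt")),
        "bad_type": safe_resolve(export_dir, "settings.ini"),
        "by_index": export_by_index(table, export_dir, "1"),
        "bad_index": export_by_index(table, export_dir, "7"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>10}: {result!r}")
```

The traversal case is the instructive one: "../secret.txt" has an allowed extension, so only the containment check on the canonicalised path stops it. Checking the raw string for "../" would miss encoded or platform-specific variants, which is why the check is done on the resolved path rather than on the input.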

