DefenseCode

File Disclosure

Risk type:HIGH

Description:

A file disclosure vulnerability allows an attacker to read arbitrary files from the server's filesystem, including files outside the web root, by controlling the path that the application opens.

Example:

Assuming that "export.php" is vulnerable to file disclosure and is located in the "/www/cgi" directory, an attacker can use directory traversal to retrieve the contents of the Unix password file: two "../" sequences climb from "/www/cgi" to the filesystem root. The trailing %00 is a URL-encoded null byte intended to truncate anything the script appends to the parameter (such as a fixed file extension); it only has that effect where the underlying file functions stop reading the path at the null byte, as older PHP versions did.

http://www.victim.com/export.php?what=../../etc/passwd%00

Mitigation:

  • Keep a whitelist of directories from which files may be downloaded, resolve each requested path to its canonical form (for example with realpath) and reject the request unless the resolved path lies inside one of those directories.
  • Validate the type of the file requested (for example against a list of permitted extensions), checking the resolved path rather than the raw parameter so that a null byte or appended characters cannot bypass the check.
  • Index the files allowed for download and pass only their index numbers as URL parameter values, so the user never supplies a filename at all.
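
The vulnerable pattern from the example above, beside the whitelist and index mitigations, as an added example in Python that is not part of the original page (the advisory discusses a PHP script; the directory names, extension list and file index here are constructed assumptions, and the paths are POSIX):

```python
import os
import urllib.parse
from typing import Dict, Optional

# Constructed configuration for this example (assumptions, not from the advisory):
SCRIPT_DIR = "/www/cgi"                       # directory the vulnerable export.php runs from
ALLOWED_DIR = "/www/cgi/exports"              # the only directory downloads may come from
ALLOWED_EXTENSIONS = {".csv", ".pdf"}         # permitted download types
FILE_INDEX: Dict[int, str] = {                # constructed index of downloadable files
    1: "report-2023.csv",
    2: "summary.pdf",
}


def vulnerable_resolve(what: str) -> str:
    """Mirror the unsafe pattern: decode the 'what' parameter and join it onto the
    script directory with no containment check. The value is cut at the first null
    byte to model runtimes whose file functions stop reading the path there."""
    decoded = urllib.parse.unquote(what).split("\x00", 1)[0]
    return os.path.normpath(os.path.join(SCRIPT_DIR, decoded))


def safe_resolve(what: str) -> Optional[str]:
    """Whitelist mitigation: reject null bytes, canonicalise the path, require it to
    stay under ALLOWED_DIR, and check the extension of the resolved name."""
    decoded = urllib.parse.unquote(what)
    if "\x00" in decoded:
        return None
    base = os.path.realpath(ALLOWED_DIR)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath is the containment test; a plain string-prefix compare would
    # accept "/www/cgi/exports-old/..." as being inside "/www/cgi/exports".
    if os.path.commonpath([base, candidate]) != base:
        return None
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    return candidate


def resolve_by_index(index_param: str) -> Optional[str]:
    """Index mitigation: the client sends only an integer and the server maps it to
    a filename it controls, so no user-supplied path ever reaches the filesystem."""
    try:
        idx = int(index_param)
    except ValueError:
        return None
    name = FILE_INDEX.get(idx)
    if name is None:
        return None
    return os.path.join(ALLOWED_DIR, name)


if __name__ == "__main__":
    for param in ("../../etc/passwd%00", "..%2F..%2Fetc%2Fpasswd", "report-2023.csv"):
        print(f"{param!r}: vulnerable -> {vulnerable_resolve(param)}, "
              f"safe -> {safe_resolve(param)}")
    for param in ("2", "9", "../../etc/passwd"):
        print(f"index {param!r} -> {resolve_by_index(param)}")
```

The vulnerable function resolves the advisory's payload to /etc/passwd, while the hardened one rejects it three ways (null byte, escape from the allowed directory, disallowed extension). Canonicalising with realpath before the containment test also defeats symlinks and URL-encoded separators such as %2F, which a check on the raw parameter would miss.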

Further reading:

https://www.owasp.org/index.php/Path_Traversal