Platform Path Disclosure


Overview

Platform Path Disclosure may result when internal system paths are disclosed to the user-agent (browser). These paths can be used in other attacks such as directory browsing.

Video Tutorials

Discovery Methodology

Inject characters that are reserved in various contexts into every input parameter to see whether errors can be triggered. Search web page sources (view source) for internal system paths.

Exploitation

Note whether the web server is Linux or Windows based. Search pages both with and without injection. Use the grep feature of Burp-Suite to search for platform path patterns that match the web server's operating system type.
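
The same sweep can be run over saved response bodies outside of Burp-Suite. The following Python sketch is an added example, not part of the original page: it selects a path pattern by server operating system and reports which responses leak internal paths. The regexes, the Linux root-directory list, and the sample responses are constructed assumptions.

```python
import re

# Patterns are assumptions for illustration; extend the Linux root list
# to match the directory layout of your own servers.
PATTERNS = {
    # Absolute Unix path not preceded by URL/host characters.
    "linux": re.compile(
        r"(?<![\w.:/-])/(?:var|etc|home|usr|opt|srv|tmp)(?:/[\w.+-]+)+"),
    # Drive letter, backslash-separated directories, final component.
    "windows": re.compile(
        r"(?<![A-Za-z])[A-Za-z]:\\(?:[\w.$ -]+\\)*[\w.$-]+"),
}

def find_paths(body, server_os):
    """Return unique paths of the given OS type found in body, in order."""
    hits = []
    for match in PATTERNS[server_os].finditer(body):
        if match.group(0) not in hits:
            hits.append(match.group(0))
    return hits

def sweep(responses, server_os):
    """Map URL -> leaked paths; responses with no match are omitted."""
    report = {}
    for url, body in responses.items():
        paths = find_paths(body, server_os)
        if paths:
            report[url] = paths
    return report

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "/index.php?page=home":
        '<a href="/index.php">Home</a>'
        '<img src="https://cdn.example.test/usr/logo.png">',
    "/index.php?page=%27":
        "<b>Warning</b>: include(/var/www/html/app/missing.inc): failed "
        "to open stream in <b>/var/www/html/app/index.php</b> on line 42",
    "/about.php":
        "<!-- built from /home/deploy/site/footer.tpl -->",
    "/login.aspx?id=%27":
        r"Source File: C:\inetpub\wwwroot\app\login.aspx Line: 17",
}

if __name__ == "__main__":
    for os_type in ("linux", "windows"):
        for url, paths in sweep(SAMPLES, os_type).items():
            print(os_type, url, paths)
```

Site-relative links that happen to begin with one of the listed root names (for example `/home/about`) will also match, so review hits before reporting them.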


Introduction to Fuzzing Web Applications with Burp-Suite Intruder Tool
Finding Comments and File Metadata using Multiple Techniques
How to Sweep a Web Site for HTML Comments
How to Install dirb on Linux
How to Use dirb to Locate Hidden Directories on a Web Site
How to Install OWASP DirBuster on Linux
How to use OWASP DirBuster to Discover Hidden Directories on Web Sites