Information Disclosure

Overview Information Disclosure may result when internal information is disclosed to the user-agent (browser). These paths can be used in other attacks. Video Tutorials Discovery Methodology Attempt to discover if it is possible to cause errors by injecting all input parameters with characters that are reserved in various contexts. Search web page sources (view source) for internal information disclosure. Search for custom administrative pages and administrative consoles such as phpMyAdmin installations. Exploitation Search pages with and without injection. Use the grep feature of Burp-Suite to seach for inappropriate information. Search for known common administrative consoles such as phpMyAdmin installations, Drupal and Wordpress consoles. Videos How to grab robots.txt file with CURL How to list HTTP Methods with CURL How to list HTTP Methods with NMap Determine HTTP Methods using Netcat How to grab HTTP Server Banners with CURL How to grab HTTP Server Banners with NMap Determine Server Banners using Netcat, Nikto, and w3af Using Nmap to Fingerprint HTTP servers and Web Applications Finding Comments and File Metadata using Multiple Techniques How to Sweep a Web Site for HTML Comments How to Install dirb on Linux How to Use dirb to Locate Hidden Directories on a Web Site How to Install OWASP DirBuster on Linux How to use OWASP DirBuster to Discover Hidden Directories on Web Sites How to Create Wordlists from Web Sites using CEWL