Information disclosure
Fuzzing
Add payload positions to parameters and use pre-built wordlists of fuzz strings to test a high volume of different inputs in quick succession.
Easily identify differences in responses by comparing HTTP status codes, response times, lengths, and so on.
Use grep matching rules to quickly identify occurrences of keywords, such as error, invalid, SELECT, SQL, and so on.
Apply grep extraction rules to extract and compare the content of interesting items within responses.
Common sources of information disclosure
Files for web crawlers
/robots.txt
/sitemap.xml
Developer comments
Error messages
These can provide information about different technologies -> documented exploits
Check whether there are any configuration errors or dangerous default settings that you may be able to exploit
Observing differences in error messages is a crucial aspect of many techniques, such as SQLi, username enume...
Debugging data
Debugging information may sometimes be logged in a separate file
User account pages
Example: via IDOR
Source code disclosure via backup files
Text editors often generate temporary backup files while the original file is being edited
appending a tilde (
~
) to the filename or adding a different file extension
Information disclosure due to insecure configuration
Websites are sometimes vulnerable as a result of improper configuration especially common due to the widespread use of third-party technologies, whose vast array of configuration options are not necessarily.
Example HTTP TRACE. Occasionally could leads to information disclosure, such as the name of internal authentication headers that may be appended to requests by reverse proxies.
Version control history
Browsing to
/.git
TO DO...