Hey Reader,
Today's topic is the Source Code Disclosure vulnerability.
# Basic introduction to the Source Code Disclosure vulnerability
First, I will explain the background concept of the Source Code Disclosure vulnerability, then its exploitation, and then how to protect a website from it.
→ Source code often contains some form of sensitive information, whether it is configuration-related information (e.g. database credentials) or simply information about how the web application functions.
→ If disclosed, such information can potentially be used by an attacker to discover logical flaws and escalate into a subsequent chain of attacks which would not be possible without access to the application's source code.
# Hunting for source code disclosure vulnerability.
Source code disclosure often exposes some form of sensitive information, whether it be your private data, confidential data, etc.
# Let's move to a practical demonstration
→ Let's assume you have one website, for example test.vulnweb.com (only a login page)
→ Open Burp Suite and spider the host
→ Then click on search: file= (in scope only, request header)
→ Then send the request to Repeater and change it to file=datebase_connect.php
And boom, got it: a txt file is downloaded. Only for educational purposes.
# How to prevent source code disclosure?
Source code disclosure can be caused by many different vulnerabilities and misconfigurations, so there is no single way to prevent it. To avoid source code disclosure, follow these general recommendations:
- Make sure your web server software is up to date.
- Check your web server configuration and make sure that all source code files are set to be executed by the server, so their raw contents are not served to the requester. Also ensure that directory listing functionality is turned off.
- Perform user input validation in your web applications and follow secure coding practices to avoid other vulnerability types, such as LFI and directory traversal. For example, avoid passing filenames in user input, or at least create a whitelist of safe files. Where possible, you may also run your web apps in safe containers such as Docker.
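
The whitelist recommendation above, sketched in Python as an added example (it is not code from the original post or from any tested application). The download IDs, file names and directory layout are assumptions constructed for illustration: the `file` parameter is treated as an ID looked up in a fixed map, never as a path.

```python
import os
import tempfile

# Hypothetical allowlist: public download IDs mapped to the file names the
# application is willing to serve. Nothing outside this map is reachable.
ALLOWED_DOWNLOADS = {
    "manual": "user-manual.txt",
    "terms": "terms.txt",
}


def resolve_download(file_param, base_dir):
    """Return the absolute path to serve for file_param, or None to refuse."""
    name = ALLOWED_DOWNLOADS.get(file_param)
    if name is None:
        return None  # not on the allowlist: the filesystem is never consulted
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Defence in depth: an allowlisted entry must still resolve inside
    # base_dir (catches symlinks or a bad entry) and be a regular file.
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return None
    return path


def demo():
    """Build a constructed downloads directory and try several file= values."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        with open(os.path.join(downloads, "user-manual.txt"), "w") as f:
            f.write("constructed sample manual\n")
        # Constructed source file sitting next to the downloads directory.
        with open(os.path.join(root, "datebase_connect.php"), "w") as f:
            f.write("<?php /* constructed placeholder */ ?>\n")
        for value in ("manual", "terms", "datebase_connect.php",
                      "../datebase_connect.php", "user-manual.txt"):
            path = resolve_download(value, downloads)
            results[value] = os.path.basename(path) if path else None
    return results


if __name__ == "__main__":
    for value, served in demo().items():
        print(f"file={value!r:32} -> {served or 'refused'}")
```

Only `manual` is served. `terms` is refused because the file does not exist in the constructed directory, and every raw file name or traversal string is refused because it is not an allowlisted ID.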
— — — — THANKS FOR READING (KIDNAPSHADOW)🔥✨✌❤
Follow me on twitter @kidnapshadow_kd