Full Path Disclosure #3

@bright-security

Full Path Disclosure

Severity: Medium
Discovered: 10 of August-2022, 02:19 PM

CWE ID

CWE-200

CVSS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Full Path Disclosure (FPD) vulnerabilities enable an attacker to see the path to a webroot/file.
Certain vulnerabilities require the attacker to get the full path to the file that they wish to view, for example when using a load_file() query (within a SQL injection) to view the page source.

Detected webroot/file is:
• /var/www/
Detected system is:
• linux

Found in URL:
https://brokencrystals.com/api/spawn?command=6.338619269402675
Triggered by changing the parameter "" value to "6.338619269402675"

Possible exposure

Read Application Data, Access to Privileged Information

Remediation suggestions

To fix this vulnerability –
• Disable debug information in the web server’s configuration.
• Improve the validation of all passed values in the parameter "", such as valid types and immutability.
• Improve error handling in each function that deals with the parameter "".

Request

GET https://brokencrystals.com/api/spawn?command=6.338619269402675 HTTP/1.1
Referer: https://brokencrystals.com/api/spawn?command=pwd
Cookie: connect.sid=GifWkYqUYRUF06yVoKBQRRUvHu0xp6pS.3%2FtHGp7tLVXfH2VR5Sp10lXum%2BX2CohPwX1aKt%2FwWn8; bc-calls-counter=1660141141582
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept-Encoding: identity

Response

HTTP/1.1 500
Server: nginx/1.19.8
Date: Wed, 10 Aug 2022 14:19:47 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 66
Connection: keep-alive
vary: Origin
access-control-allow-origin: *
set-cookie: connect.sid=GifWkYqUYRUF06yVoKBQRRUvHu0xp6pS.3%2FtHGp7tLVXfH2VR5Sp10lXum%2BX2CohPwX1aKt%2FwWn8; Path=/
Cache-Control: public, max-age=99999

{"location":"/var/www/dist/components/global-exception.filter.js"}
