Full Path Disclosure
Severity: Medium
Discovered: 10 of August-2022, 02:19 PM
CWE ID
CWE-200
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Full Path Disclosure (FPD) vulnerabilities enable an attacker to see the path to a webroot/file.
Certain vulnerabilities require the attacker to get the full path to the file that they wish to view, for example when using a load_file() query (within a SQL injection) to view the page source.
Detected webroot/file is:
• /var/www/
Detected system is:
• linux
Found in URL:
• https://brokencrystals.com/api/products/latest
Detected that a new fake cookie was added with the same name, but with a different value, appended to the end of the cookies:
Original cookie:
• bc-calls-counter=1660141182944; connect.sid=I-qxtQdbdYj8S6vWh4ZZT9TCUP177Paz.HHQP8VWm%2FkGXPZv5oelGJh%2FiI0XDIpWo6GzNNIAlX6E
New cookie:
• bc-calls-counter=1660141182944; connect.sid=I-qxtQdbdYj8S6vWh4ZZT9TCUP177Paz.HHQP8VWm%2FkGXPZv5oelGJh%2FiI0XDIpWo6GzNNIAlX6E; bc-calls-counter=.
Cookie that is added:
• bc-calls-counter=.
Cookie key is:
• bc-calls-counter
Token is:
• .
Possible exposure
Read Application Data, Access to Privileged Information
Remediation suggestions
To fix this vulnerability:
• Disable debug information in the web server’s configuration.
• Improve the error handling and parsing of cookies in the relevant code paths, so that exceptions and/or errors will not leak internal information.
Request
GET https://brokencrystals.com/api/products/latest? HTTP/1.1
Referer: https://brokencrystals.com/api/products/latest
Cookie: bc-calls-counter=1660141182944; connect.sid=I-qxtQdbdYj8S6vWh4ZZT9TCUP177Paz.HHQP8VWm%2FkGXPZv5oelGJh%2FiI0XDIpWo6GzNNIAlX6E; bc-calls-counter=.
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept-Encoding: identity
Response
HTTP/1.1 500
Server: nginx/1.19.8
Date: Wed, 10 Aug 2022 14:19:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 107
Connection: keep-alive
vary: Origin
access-control-allow-origin: *
set-cookie: connect.sid=I-qxtQdbdYj8S6vWh4ZZT9TCUP177Paz.HHQP8VWm%2FkGXPZv5oelGJh%2FiI0XDIpWo6GzNNIAlX6E; Path=/
Cache-Control: public, max-age=99999
{"error":"Invalid counter value","location":"/var/www/dist/components/headers.configurator.interceptor.js"}