I Introduction
Today i'm gonna teach you how to get the full path disclosure also known ass FPD
II Learning Basics
What is fpd?
FPD or Full Path Disclosure is an internal path structure of installation.
Example:
/home/www/htdocs/
Why attackers need fpd sometimes?
Attackers need it because they need the full path disclosure to deploy their backdoor shell.
This is very needed for uploading shell in sql injection, INTO OUTFILE
Example you visit the url www.website.com/index.php
in internal path, its /home/www/htdocs/index.php
III Getting Full Path Disclosure
1) Using Error.
in SQL Injection, you can already get the FPD if the error_reporting is enabled.
http://jornaldacidadearuja.com.br/guia/det.php?id=19'
If you see the error
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/jornaldacidade/public_html/site/include/mysql.inc.php on line 142
You already got the FPD, Ez.
2) Using empty array
example this is the page
www.website.com/page=about
Lets make the variable page an empty array
www.website.com/page[]=about
So after doing it, you'll see an error if the error_reporting is enabled.
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84 Warning: pg_num_rows(): supplied argument … in /usr/home/example/html/pie/index.php on line 131
3) Google Dorks
You can use google dorks to find the FPD of the website,
example dork:
Warning: * [function.*]: site:www.website.com
Or you can use dork to use this dork
ip:xxx.xxx.xxx.xx * [function.*]:
You can make your own dork if you want
IV Goodbye
So that's all for now, hope you enjoy my post if you have some question or feedback please feel free to say it in comment!
No comments:
Post a Comment