Here's a small how-to on performing the FPD attack. I'll try to make my answers as simple as possible, so don't be put off by any unusual vocabulary or terms.
FPD, full path disclosure?
Yes.
What is an FPD?
An FPD (full path disclosure) is an attack that results in the target page displaying an error.
What's so special about the error?
The error could give away information that points to a directory you aren't meant to see, for example an administration panel.
How do I do a full path disclosure?
First, try voiding the session ID. You can do this with the "Edit This Cookie" extension, which is available for Firefox and Chrome: open the cookie manager, find PHPSESSID, clear its value, and click "Submit Cookie Changes". Another way is to enter
javascript:void(document.cookie="PHPSESSID=");
in the address bar and press Enter. After either of these, refresh the page and check whether the site shows an error.
If that doesn't work, then you can try finding a location on the site that looks something like this:
http://www.x.com/x.php?app=x%01
The X's could be anything (such as the name of a page or the website). The "app" parameter could be almost anything too, but you will usually see names like app, url, page, or action. If you see that, you can try turning the parameter into an empty array by appending [] to its name, just before the '=' sign. The URL would then look like this:
http://www.x.com/x.php?app[]=x
Once you've inserted the empty array, open the modified URL.
Okay, I got an error... Now what?
The error probably looks something like this:
Warning: trim() expects parameter 1 to be string, array given in /home/x/public_html/y/z/sources/base/a.php on line 1645
The path "/home/X/public_html/Y/Z/sources/base/A.php" is a full path, and one of its components might be an important directory. Try removing components one at a time, starting with A.php and trimming back toward home; there might be an interesting page somewhere along the way. If none of those turn anything up, try combining a directory that isn't listed with names from the original error. Usually anything that sounds like a real name is worth a look; in this error that would be home, X, Y, Z, and A.php. So you could try those under different directories, like:
x.com/x
x.com/forums/x
x.com/forums/index.php/x/y
x.com/z/a.php
x.com/x/y/z
Go through these steps, and you might come across some interesting places on your target website.
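As an added illustration (not code from the original post), here is the PHP pattern that produces the trim() warning quoted above, beside the version a site owner would deploy instead: it checks the parameter's type and shape before any string function sees it, and keeps error output off the page so a stray warning can't leak a path. The parameter name app is taken from the post; the function names and the allow-list pattern are my own assumptions.

```php
<?php
// Added illustration, not from the original post; "app" is the post's
// parameter name, the function names and allow-list are assumptions.

// Vulnerable pattern: ?app[]=x makes $_GET['app'] an array. PHP 7 then
// emits "Warning: trim() expects parameter 1 to be string, array given
// in /full/path/to/script.php on line N"; PHP 8 throws a TypeError that
// carries the same path. With display_errors=On the client sees it.
function vulnerable_app_name()
{
    return trim($_GET['app'] ?? '');
}

// Hardened pattern, two layers:
// 1. Validate type and shape before any string function sees the value,
//    so no warning or TypeError is raised at all.
// 2. Keep display_errors off in production and log errors server-side,
//    so a warning that does slip through never reaches the page.
//    (Normally set in php.ini; set here to keep the example self-contained.)
ini_set('display_errors', '0');
ini_set('log_errors', '1');

function safe_app_name(array $query): ?string
{
    $app = $query['app'] ?? null;
    if (!is_string($app)) {
        return null;                 // covers the app[]=x case
    }
    // Allow-list: page names are plain identifiers. This also rejects
    // control bytes such as the %01 in the post's example URL.
    if (preg_match('/^[A-Za-z0-9_-]{1,64}$/', $app) !== 1) {
        return null;
    }
    return $app;
}

// Self-check on constructed inputs mirroring the URL shapes in the post.
$cases = [
    [['app' => 'forums'], 'forums'],   // ?app=forums
    [['app' => ['x']],    null],       // ?app[]=x
    [['app' => "x\x01"],  null],       // ?app=x%01
    [[],                  null],       // parameter absent
];
foreach ($cases as [$query, $expected]) {
    if (safe_app_name($query) !== $expected) {
        throw new RuntimeException('safe_app_name check failed');
    }
}
```

Detection-wise, the same request shapes (a parameter name ending in [] or a value containing control bytes) are easy to flag in web-server access logs, and a sudden rise in PHP warnings in the error log is the server-side sign that someone is probing for this.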