Source Code disclose Vulnerability
hello Security Guys ,
I’m Mohamed Serwah (serWazito0)
This is my first write up So i hope No Mistakes let’s start
in this write up i will take http://test.example.com as example
Today i will discuss What is Source Code Disclose vulnerability using vulnerable website , this vulnerability make the attacker able to read the source code of any script let’s start ….
hum it’s look like the pictures come from pictures directory let’s change this input and see how it perform after modify this input i try to modify the input ./pictures/1.jpg to ./pictures/8.jpg from 1 to 8 it will show a picture from the directory if you enter and if you try to make the website showing an image that not exists it will gave an error like this ./pictures/9.jpg also if you try to access Some php files like showimage.php , listproducts.php and categories.php it Will Gave You the next error
in fact modern browser will not show this error So what should we do ..!!
Just Copy the link and Paste it at Internet explorer it will show you the real error let’s enter ./pictures/9.jpg
hum what about if we try to open php files ??
OMG WTF …!! i got php source code ? but what wait second i have notice something that make sense to me after analyses the first line of the Code it contain database_connect.php
please my mind don’t do that 😂😂😂
let’s Open the file database_connect.php
and BOOM it’s MySQL username & password :”D
Thanks For reading and i hope U Guys Understand Well