
Code Auditing and Reverse Engineering • Chapter 6 235
Because the actual method of information disclosure can widely vary
within any language, there are no exact functions or code snippets to
look for.
Checking for File System Access/Interaction
The Web is basically a graphically based file sharing protocol; the
opening and reading of user-specified files is the core of what makes the
Web run. Therefore, it’s not far off base for Web applications to interact
with the file system as well. Essentially, you should definitively know
exactly where, when, and how a Web application accesses the local file
system on the server. The danger lies in using filenames that ...
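The check this section calls for, as an added example that is not from the book: a small Python audit helper that lists every file-system call in a PHP or Perl source file and flags the ones whose filename is built from a variable, since those are the calls an auditor must trace back to their input. The function table and the sample PHP fragment are constructed and deliberately non-exhaustive.

```python
import re

# Constructed, non-exhaustive table of file-system entry points per language.
FILE_ACCESS_FUNCS = {
    "php": ("fopen", "file", "file_get_contents", "readfile", "include",
            "include_once", "require", "require_once", "unlink", "opendir"),
    "perl": ("open", "opendir", "sysopen", "unlink"),
}

def audit_file_access(source, lang):
    """Scan source text and return one dict per file-system call found:
    line number, function name, its argument text, and whether that argument
    contains a variable (a filename that may be user-controlled) or only literals."""
    names = "|".join(re.escape(f) for f in FILE_ACCESS_FUNCS[lang])
    # Match the call name, an optional '(', then the argument text up to ';' or ')'.
    call_re = re.compile(r"\b(" + names + r")\b\s*\(?\s*([^;)]*)")
    var_re = re.compile(r"[$@]\w+")  # PHP/Perl scalar and array variables
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in call_re.finditer(line):
            arg = m.group(2).strip()
            findings.append({
                "line": lineno,
                "func": m.group(1),
                "arg": arg,
                "uses_variable": bool(var_re.search(arg)),
            })
    return findings

def variable_filename_calls(source, lang):
    """Only the calls whose filename comes from a variable: the ones to trace
    back to their source before deciding whether the access is safe."""
    return [f for f in audit_file_access(source, lang) if f["uses_variable"]]

# Constructed sample: two literal-path opens and one include driven by a request parameter.
SAMPLE_PHP = """<?php
$cfg = fopen("config.ini", "r");
$page = $_GET['page'];
include($page . ".php");
readfile("/var/www/static/banner.txt");
"""

if __name__ == "__main__":
    for f in audit_file_access(SAMPLE_PHP, "php"):
        flag = "VARIABLE" if f["uses_variable"] else "literal "
        print(f"line {f['line']:>3}  {flag}  {f['func']}({f['arg']})")
```

The scanner is a triage aid, not a proof: a literal argument is safe only if nothing rewrites it before the call, and a flagged variable still has to be followed back to where its value originates.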