Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet

This appendix contains a list of all the major source code disclosure techniques discovered over the years. Many of them are specific to particular bugs in particular versions of software. Others are generic across platforms and have been known to reappear contrary to what the vendors say.

Table D-1. Source Code, File, and Directory Disclosure Cheat Sheet

Vulnerable Application HTTP Request Vulnerability Information
Allaire ColdFusion GET /CFDOCS/snippets/viewexample.cfm?viewexample.cfm Tagname=<relative path to CFM file> HTTP/1.0 http://www.securityfocus.com/bid/115
Allaire JRun Alternative Data Stream GET /file.jsp::$DATA HTTP/1.0 http://www.securityfocus.com/bid/3664
Allaire ...

Get Web Hacking: Attacks and Defense now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.