Internal Path Disclosure

Introduction

Path Disclosure vulnerability enables an attacker to see the full path of record and ithelps the attacker to identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

How it works

This is how it disclosed.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\en\events_detail.php on line 47

This vulnerability if exploited could lead to Directory transversal which could lead for an attacker to gain read only access to root or other directories and ultimately to the web server.

How to Fix

Wordpress path disclosure vulnerability:

  • for Dedicated/VPS designs it's more probable in /etc/php.ini

  • for shared hosting it ought to be in the root folder (public_html). It is only an extra ini documents which over-burdens the fundamental php.ini settings.In the event that there isn't there you may need to make it.

display_errors = 0
display_errors = Off

Disabling Warning and Errors in .htaccess file

This method is applied to the .htaccess file in the root folder of the wordpress installation. Then you only have to add the following line if php is installed as an apache module:php_flag display_errors off

Disabling Warning and Errors in php file

If we add it in the wp-config.php file it will work in many scenarios, but now if someone is invoking http://site.com/wp-includes/rss.php. In this case wp-config is not called, our configuration is not picked up, so as a result, a warning will be fired, exposing the internal structure. This option would work if it would be added in all the php files, which obviously is not a solution.

ini_set('display_errors','Off');

When the configuration is done, you can use the phpinfo() method to check if it’s done. After finishing it, remember to delete the phpinfo file.

display_errors

Off

Off

display_startup_error

Off

Off

Configure 500 error to all custom pages of web application.

References

Last updated

Was this helpful?