Sumeru Cyber Security

Internal Path Disclosure

Introduction

A path disclosure vulnerability lets an attacker see the full filesystem path of a file on the server. This helps the attacker identify other vulnerabilities, or helps during the exploitation of vulnerabilities already identified.

How it works

The path is typically disclosed in an error message such as this one:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\en\events_detail.php on line 47

This vulnerability, if exploited, could lead to directory traversal, which could let an attacker gain read-only access to the root or other directories and ultimately to the web server.

How to Fix

WordPress path disclosure vulnerability:

Turn off display_errors in the php.ini file. Where that file lives depends on the hosting:

  • For dedicated/VPS setups it is most likely /etc/php.ini.

  • For shared hosting it ought to be in the root folder (public_html). It is just an additional ini file that overrides the main php.ini settings. If it is not there, you may need to create it.

display_errors = 0
display_errors = Off

Disabling Warning and Errors in .htaccess file

This method applies to the .htaccess file in the root folder of the WordPress installation. If PHP is installed as an Apache module, you only have to add the following line:

php_flag display_errors off

Disabling Warning and Errors in php file

ini_set('display_errors','Off');

Once the configuration is done, you can call phpinfo() to check that it took effect. After checking, remember to delete the phpinfo file.

| Directive | Local Value | Master Value |
| --- | --- | --- |
| display_errors | Off | Off |
| display_startup_errors | Off | Off |

Configure a custom 500 error page for all pages of the web application.
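To confirm from the outside that the fix took effect, response bodies from your own site can be scanned for the warning format shown under "How it works". The following is an added example, not part of the original page; the function name, the regular expression and the sample bodies are assumptions made for illustration.

```python
import html
import re

# PHP's default error format: "<Level>: <message> in <file> on line <n>".
# With html_errors enabled the level, file and line are wrapped in <b> tags,
# so tags are stripped before matching. Handles Unix and Windows drive paths.
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r":\s+(?P<message>.+?)\s+in\s+"
    r"(?P<path>(?:[A-Za-z]:\\|/).+?)"
    r"\s+on\s+line\s+(?P<line>\d+)"
)
TAG = re.compile(r"<[^>]+>")


def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error that leaks a file path."""
    text = html.unescape(TAG.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]


# Constructed sample response bodies. The first reuses the warning quoted on
# this page; the path and message in the second are made up.
SAMPLES = {
    "plain_text": "Warning: mysql_num_rows() expects parameter 1 to be resource, "
                  "boolean given in C:\\wamp\\www\\en\\events_detail.php on line 47",
    "html_errors": "<br />\n<b>Warning</b>:  Undefined variable $feed in "
                   "<b>/var/www/html/wp-includes/rss.php</b> on line <b>12</b><br />",
    "custom_500": "<html><body><h1>500 Internal Server Error</h1></body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = find_path_disclosures(body)
        print(name, "LEAK" if hits else "ok", hits)
```

A response that still produces a hit after the change means display_errors is being overridden somewhere, for example by a per-directory ini file or an ini_set call.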

If we add the ini_set line to the wp-config.php file, it will work in many scenarios. But if someone invokes http://site.com/wp-includes/rss.php directly, wp-config is not called and our configuration is not picked up, so a warning is raised that exposes the internal structure. This option would only work if the line were added to all the PHP files, which obviously is not a solution.

References

https://owasp.org/www-community/attacks/Full_Path_Disclosure
https://www.valencynetworks.com/kb/internal-path-disclosure.html

Last updated 5 years ago