
[INFORMATION DISCLOSURE]



GENERAL INFORMATION
NOTE: Information disclosure is when you find something the application exposes that does not need to be externally exposed.
1. Inspect the code.
2. Proxy the traffic to check the requests and responses.
3. Enumerate directories, endpoints, etc. [robots.txt]

VIA ERROR MESSAGES
NOTE: You will need to find a way to make the application generate an error: input, ID validations, comments, etc. The error output is what leaks the information.
SAMPLE: GET /product?productId=1
Here the value of productId is expected to be the number 1. Changing the value from an integer to a string and observing how the application responds is one option to proceed.

BYPASS
NOTE: Mostly this applies when some HEADER or field leaks information that can lead to something else.
1. It is important to verify which HTTP verbs the application supports. [GET/POST/TRACE, etc.]
2. Sometimes different headers can be used to bypass a restriction mechanism.
SAMPLE: "Admin interface only available to local users" X-Custom-IP-Authorization | X-Forwarded-For
3. X-Custom-IP-Authorization >> the application may use this header to determine whether or not the request came from the localhost IP. Because the client supplies the header, such a check is only as strong as the server's decision to trust it.
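The header-trust problem in the BYPASS note, as an added example that is not part of this wiki page: the weak "admin is local if the header says so" check beside a hardened check that only uses the peer address the server observed, plus a log scan that flags non-local peers sending localhost values in those headers. The header names come from the note; the request object and the key=value log format are constructed for this example.

```python
# Added example (not from the page): weak vs. hardened locality check and a
# detector for spoof attempts on the headers named in the note.
from dataclasses import dataclass, field

LOCALHOST = {"127.0.0.1", "::1"}
SPOOFABLE_IP_HEADERS = ("X-Custom-IP-Authorization", "X-Forwarded-For")


@dataclass
class Request:
    peer_ip: str                                   # TCP peer address seen by the server
    headers: dict = field(default_factory=dict)    # client-supplied headers


def is_local_weak(req: Request) -> bool:
    """Weak check: the header is attacker-controlled, so any client can
    claim to be local simply by sending it."""
    claimed = req.headers.get("X-Custom-IP-Authorization", req.peer_ip)
    return claimed in LOCALHOST


def is_local_hardened(req: Request) -> bool:
    """Hardened check: only the transport-level peer address decides;
    client headers are ignored entirely."""
    return req.peer_ip in LOCALHOST


def flag_spoof_attempts(log_lines):
    """Detection: return (peer, header, value) for each request where a
    non-local peer sent a localhost value in a spoofable IP header."""
    findings = []
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split(" "))
        peer = fields.get("peer", "")
        for hdr in SPOOFABLE_IP_HEADERS:
            val = fields.get(hdr)
            if val and peer not in LOCALHOST and val.split(",")[0].strip() in LOCALHOST:
                findings.append((peer, hdr, val))
    return findings


# Constructed sample requests: a remote client claiming to be local, and a real local one.
remote_spoof = Request("203.0.113.9", {"X-Custom-IP-Authorization": "127.0.0.1"})
real_local = Request("127.0.0.1")

# Constructed log lines in a simple key=value format (not a real server log format).
SAMPLE_LOG = [
    "peer=203.0.113.9 path=/admin X-Custom-IP-Authorization=127.0.0.1",
    "peer=198.51.100.4 path=/admin X-Forwarded-For=127.0.0.1,10.0.0.2",
    "peer=127.0.0.1 path=/admin",
    "peer=203.0.113.9 path=/product?productId=1",
]
```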

©® - 2023/2024.