Information Disclosure may result when internal information is
disclosed to the user-agent (browser). These paths can be
used in other attacks.
Attempt to discover if it is possible to cause errors by injecting
all input parameters with characters that are reserved in various
contexts.
Search web page sources (view source) for internal information
disclosure.
Search for custom administrative pages and administrative consoles
such as phpMyAdmin installations.
Search pages with and without injection. Use the grep feature of
Burp-Suite to seach for inappropriate information. Search for known
common administrative consoles such as phpMyAdmin installations,
Drupal and Wordpress consoles.
Click here to watch How to grab robots.txt file with CURL
Click here to watch How to list HTTP Methods with CURL
Click here to watch How to list HTTP Methods with NMap
Click here to watch Determine HTTP Methods using Netcat
Click here to watch How to grab HTTP Server Banners with CURL
Click here to watch How to grab HTTP Server Banners with NMap
Click here to watch Determine Server Banners using Netcat, Nikto, and w3af
Click here to watch Using Nmap to Fingerprint HTTP servers and Web Applications
Click here to watch Finding Comments and File Metadata using Multiple Techniques
Click here to watch How to Sweep a Web Site for HTML Comments
Click here to watch How to Install dirb on Linux
Click here to watch How to Use dirb to Locate Hidden Directories on a Web Site
Click here to watch How to Install OWASP DirBuster on Linux
Click here to watch How to use OWASP DirBuster to Discover Hidden Directories on Web Sites
Click here to watch How to Create Wordlists from Web Sites using CEWL
|