BACKUP FILES /Backup Archives:
BACKUP FILES /Backup Archives:
BACKUP FILES:
extension of backup files: .tar, .zip or .gz etc.
Automatic copies created by many editors (for example, emacs generates a backup copy named file~ when editing file).
Making a copy by hand may produce the same effect (think of copying file to file.old).
The underlying file system the application is on could be making snapshots of your application at different points in time without your knowledge, which may also be accessible via the web, posing a similar but different backup file style threat to your application.
login.asp named login.asp.old,
for example, requesting viewdoc.bak may return the source code for viewdoc.jsp,
While this threat obviously applies to scripted languages, such as Perl, PHP, ASP, shell scripts, JSP, etc.
find out how backfiles are created, why developers create such files, and naming conventions of that is it depends on programming languages.
how to find out unreferenced pages of websites.
For example, if you forget a file named myservlets.jar.old file containing (a backup copy of) your servlet implementation classes, you are exposing a lot of sensitive information which is susceptible to decompilation and reverse engineering.
how to find out Log files of websites??Other log files (e.g. ftp logs)
File system snapshots?
For example
/.snapshot/monthly.1/view.phpmay contain a directory traversal vulnerability that has been fixed in/view.phpbut can still be exploited by anyone who finds the old version.
Test Objectives
Find and analyse unreferenced files that might contain sensitive information.
Testing for unreferenced files uses both automated and manual techniques, and typically involves a combination of the following:
Inference from the Naming Scheme Used for Published Content
using an application spidering tool. For example, if a page viewuser.asp is found, then look also for edituser.asp, adduser.asp and deleteuser.asp. If a directory /app/user is found, then look also for /app/admin and /app/manager.
These clues often appear in the source code of HTML and JavaScript files.
Programmers’ comments and commented-out sections of source code may refer to hidden content:
JavaScript may contain page links that are only rendered within the user’s GUI under certain circumstances:
HTML pages may contain FORMs that have been hidden by disabling the SUBMIT element:
Another source of clues about unreferenced directories is the /robots.txt file used to provide instructions to web robots:
Identify the file extensions in use within known areas of the application (e.g. jsp, aspx, html), and use a basic wordlist appended with each of these extensions (or use a longer list of common extensions if resources permit).
For each file identified through other enumeration techniques, create a custom wordlist derived from that filename. Get a list of common file extensions (including ~, bak, txt, src, dev, old, inc, orig, copy, tmp, swp, etc.) and use each extension before, after, and instead of, the extension of the actual filename.
Note: Windows file copying operations generate filenames prefixed with “Copy of “ or localized versions of this string, hence they do not change file extensions. While “Copy of “ files typically do not disclose source code when accessed, they might yield valuable information in case they cause errors when invoked.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — vim creates swap files on edit. : filename.txt.swp Do fuzzing through this tool and payloads.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Last updated