In this little write-up today, I am going to try to explain to you what
'FPD' is, how to detect it, analyze it, and some pretty good methods of
finding it in the wild.
/* Note that my write-up was intended for PHP-based websites, but some of the methods work for ASP/ASPX too. */
What is FPD?
'FPD' (stands for Full Path Disclosure)
is one of the most common methods of attack (while I doubt this kind
of action is categorized as a form of attack, it is still a
highly related method of website security testing) that pen-testers /
hackers / whatever use in order to get an error which will expose the
full installation path of the targeted site.
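As an added example (not part of the original write-up): a small Python check a site owner can run over captured response bodies to spot PHP error output that reveals an absolute filesystem path. The function names and sample responses are constructed for illustration, and only the single-line "Level: message in file on line N" error format is covered.

```python
import re
from html import unescape

# PHP renders runtime errors as "<Level>: <message> in <file> on line <n>".
# With html_errors enabled the level, file and line are wrapped in <b> tags.
TAG = re.compile(r"<[^>]+>")
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^\r\n]*?)\s+on line\s+(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return (level, absolute_path, line) for each PHP error shown in body."""
    text = unescape(TAG.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]


def audit(responses):
    """Map each URL to its findings, omitting URLs with none."""
    scanned = {url: find_path_disclosures(body) for url, body in responses.items()}
    return {url: hits for url, hits in scanned.items() if hits}


# Constructed sample responses (hypothetical, not taken from any real site).
SAMPLES = {
    "https://app.example.test/index.php": (
        "<html><body><br />\n<b>Warning</b>:  include(header.php): failed to "
        "open stream: No such file or directory in "
        "<b>/var/www/example/public/index.php</b> on line <b>12</b><br />\n"
        "</body></html>"
    ),
    "https://app.example.test/legacy.php": (
        "Notice: Undefined index: id in "
        "C:\\inetpub\\wwwroot\\example\\legacy.php on line 7"
    ),
    "https://app.example.test/about.php": (
        "<html><body><p>Sign in on line 3 of the form.</p></body></html>"
    ),
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLES).items():
        for level, path, line in hits:
            print(f"{url}: {level} discloses {path} (line {line})")
```

A hit means PHP is rendering errors to the client; the `display_errors` and `log_errors` ini settings control whether they go to the page or to a log.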
Why is this happening?
By default (Don't quote me here. Some web-services and packages disable
this function, but partly in most cases), the PHP error reporting
function -
Code:
error_reporting(0);