Full path disclosure

gayatri r
1 min read, May 23, 2020


Vulnerability Category: A6 - Security Misconfiguration

Vulnerability Description: Absolute file paths can be revealed in the client-side source code served by the application, in parameters passed within the application, or as part of error messages. This information tells an attacker which operating system the server or developer uses, and may also reveal which technologies the application is built on. An attacker can use it to narrow their attacks and techniques to those technologies, which makes it easier to find and exploit a vulnerability.

Impact: This information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Recommendation: Remove any reference to absolute file paths that can be revealed client-side.

Severity: Medium

CVSS v3.0 Score: 5.3

CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

How to Test:

1) Check for verbose error messages

2) Check application responses for paths that reveal operating-system directories

Tools to Use:

1) Browser

2) Burp Suite
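As an added example (not code from the original post), the check below automates step 2 of the test: it scans response bodies for absolute Unix and Windows paths and also shows the output-side redaction the recommendation implies. The sample responses, the filesystem roots in the allowlist and the regular expressions are constructed assumptions for illustration.

```python
import re

# Constructed sample responses (not from the original post). Each one shows a
# channel the post names: a verbose error, a client-side source comment, a
# value echoed from a parameter, and a clean response for comparison.
SAMPLE_RESPONSES = {
    "error": ("Warning: include(config.php): failed to open stream: No such file "
              "or directory in /var/www/html/app/index.php on line 12"),
    "source": "<!-- build artefact: C:\\inetpub\\wwwroot\\site\\assets\\bundle.js -->",
    "param": '{"status":"ok","template":"/home/deploy/app/templates/login.tpl"}',
    "clean": '{"status":"error","message":"Configuration could not be loaded"}',
}

# Heuristic patterns (assumed, not exhaustive). The Unix pattern is anchored to
# well-known filesystem roots so URL routes such as /api/v1/users are not
# reported; the lookbehind stops a match starting inside a URL or identifier.
UNIX_PATH = re.compile(
    r"(?<![\w/])(/(?:var|home|etc|usr|opt|srv|tmp|root)/(?:[\w.\-]+/)*[\w.\-]+)")
# Windows pattern: drive letter, colon, backslash, then backslash-separated segments.
WIN_PATH = re.compile(r"""\b([A-Za-z]:\\(?:[^\\\s<>"'|?*]+\\)*[^\\\s<>"'|?*]+)""")


def find_disclosed_paths(body: str) -> list:
    """Return the unique absolute file paths found in one response body."""
    found = UNIX_PATH.findall(body) + WIN_PATH.findall(body)
    return sorted(set(found))


def scan_responses(responses: dict) -> dict:
    """Map each response name to the paths it discloses, omitting clean ones."""
    report = {}
    for name, body in responses.items():
        paths = find_disclosed_paths(body)
        if paths:
            report[name] = paths
    return report


def redact_paths(body: str) -> str:
    """Output-side mitigation: replace any absolute path with a fixed marker.
    Turning verbose errors off at the source is still the primary fix."""
    body = UNIX_PATH.sub("[path removed]", body)
    return WIN_PATH.sub("[path removed]", body)


if __name__ == "__main__":
    for name, paths in scan_responses(SAMPLE_RESPONSES).items():
        print(f"{name}: {paths}")
    print(redact_paths(SAMPLE_RESPONSES["error"]))
```

In practice the bodies would come from Burp's proxy history or a crawler rather than the embedded samples.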

Note: Please be aware that I am a newbie in this field. If I make mistakes in my posts, please notify me and I will rectify them and learn more about it.
