Information Disclosure: File disclosure

Identifier: file_disclosure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

File disclosure vulnerabilities occur when web servers unintentionally reveal files containing sensitive details like configuration settings, credentials, or internal processes, potentially allowing attackers to understand system weaknesses and plan targeted exploits.

How we test: We attempt to access files outside the intended directory by manipulating file paths and analyzing responses to detect if sensitive files are disclosed. We test for directory traversal vulnerabilities and check if file access permissions are properly configured to prevent unauthorized file access.
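A server-side check that prevents the path manipulation this test looks for, as an added example that is not part of the scanner or its documentation. The names `resolve_inside` and `PathRejected`, the directory layout and the sample request paths are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathRejected(Exception):
    """Raised when a requested path does not resolve to a file under the base directory."""


def resolve_inside(base_dir, requested):
    """Return the real path for `requested` only if it stays under `base_dir`."""
    base = Path(base_dir).resolve(strict=True)
    # Decode once, as a web framework would; the containment check runs on the decoded form.
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")
    # Treat backslashes as separators and drop leading slashes so the join stays relative.
    relative = decoded.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks, so the check applies to the final target.
    candidate = (base / relative).resolve()
    if base not in candidate.parents:
        raise PathRejected(f"{requested!r} resolves outside {base}")
    if not candidate.is_file():
        raise PathRejected(f"{requested!r} is not a regular file")
    return candidate


def demo():
    """Build a constructed directory tree and classify sample request paths against it."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        public = Path(root, "public")
        public.mkdir()
        (public / "index.html").write_text("hello")
        secret = Path(root, "config.env")          # sensitive file outside the web root
        secret.write_text("DB_PASSWORD=constructed-sample")
        os.symlink(secret, public / "link.txt")    # symlink inside the root, target outside
        samples = ["index.html", "/index.html", "../config.env",
                   "%2e%2e/config.env", "..\\config.env", "link.txt", "missing.txt"]
        for sample in samples:
            try:
                resolve_inside(public, sample)
                results[sample] = "served"
            except PathRejected:
                results[sample] = "rejected"
    return results
```

The containment check runs after decoding and after symlink resolution, which is why the encoded and symlinked variants are rejected along with the plain `..` form.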

Configuration

Example

Example configuration:

---
security_tests:
  file_disclosure:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.