Join Log in
Score:-1
avatar Server

Does exposing an absolute system filepath to the public present a security vulnerability, and if so, how so?

dz flag
KevinHJ

EDIT: I have reworded the title and my question to be more general, as well as being more specific as to the answer I am seeking.

I made an error when making some changes in my PHP files, and used __DIR__ to dynamically create the url in a redirect. So if users hit the redirect due to being logged out, they would have gotten directed to a url that is something like: /home/filesystem/path/to/logoutpage.php in the url, which shows up in users' location bar.

My question is, does exposing an absolute system filepath to the public present a security vulnerability? And if so, how does doing this make the site/server vulnerable? How does doing this expose data? And if so, can anyone describe what an attack would look like?

FWIW:

I examined the logfiles and all of the attempts to access that url (10 of them, which of course resulted in 404 as no file exists on that path) were either made by me, or the best I can tell, Sogou search engine (See my comment below for how I deduced this.) As I think Soguo has bigger fish to fry than trying to attack me, I feel there is no cause for alarm.

I did not expose any files containing configuration, only the file which presents a page to allow logging back in once logged out.

This is a small website used by a private community of friends, available to only about 35 registered users. It is for information only; other than storing email addresses for login identification, no other user data is stored.

41
1 + 5
Michael Hampton avatar
cz flag
Michael Hampton
Check your web server logs.
1
Reply
dz flag
KevinHJ
There are 10 hits within a half-hour period for the redirect url. 5 hits are me, the other 5 hits are from 3 IPs: 1 IP showing Soguo UA, the other 2 IPs have 2 hits each, in both cases 1 hit shows Soguo UA; the other at the same IP Shows Mozilla/Mac, but they are all within seconds of each other. Of course nothing exists in the redirect path so they are all 404 hits. But all this tells me is that they couldn't access the page; it doesn't tell me if that information can be used maliciously. This site has extremely low traffic btw.
0
Reply
dz flag
KevinHJ
Please excuse my spelling, should be Sogou.
0
Reply
djdomi avatar
za flag
djdomi
Does this answer your question? [How do I deal with a compromised server?](https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server)
0
Reply
djdomi avatar
za flag
djdomi
IN any case you exposed data you are not owned, you are FORCED to Contact the Dataowner or Protector in case your Living within EU :-)
0
Reply
Score:2
Michael Hampton avatar Server
cz flag
Michael Hampton

Given that all of the attempts to access these incorrect URLs resulted in 404 errors, the only thing you have leaked is your web server's document root. An attacker would need to know this in order to access the files you are serving, but first the attacker would have to break in somehow. And if the attacker has broken in, they can easily read your web server configuration to find the document root, or just poke around the filesystem until they find it. So you've given away very little of consequence.

0 + 1
dz flag
KevinHJ
Thanks Michael, your assurance is helpful.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.