
Leak data that should not be there

Examples:

  • Revealing the names of hidden directories, their structure, and their contents via a robots.txt file or directory listing
  • Providing access to source code files via temporary backups
  • Explicitly mentioning database table or column names in error messages
  • Unnecessarily exposing highly sensitive information, such as credit card details
  • Hard-coding API keys, IP addresses, database credentials, and so on in the source code
  • Hinting at the existence or absence of resources, usernames, and so on via subtle differences in application behavior

Searching

  • Fuzzing using Burp Intruder and Logger++
  • Burp Scanner (with scanner+ etc.)
  • Burp engagement tools like search, Param Miner, DOM etc.
  • Engineering responses, such as forcing error messages

Common sources

web crawler files

Directory listings

Should be found with dirb etc.

developer comments

Look in the sources.

error messages

May come up when fuzzing parameters.
Look for version numbers etc.

debugging data

Look for phpinfo.php references etc.

IDOR

See access control.

Source code through backup

Some OSes put a tilde after the filename or add .bak:

  • index.php~
  • index.php.bak
  • .git
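
A defender-side check for the leak sources listed above (backup copies, .git, phpinfo.php, robots.txt entries), as an added example that is not part of the original notes: it walks a local web root before deployment and reports what the server could hand out. The function names, finding labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

BACKUP_SUFFIXES = ("~", ".bak")  # suffixes from the notes above; extend as needed
VCS_DIRS = {".git"}
DEBUG_FILES = {"phpinfo.php"}

def disallowed_paths(robots_path):
    """Disallow targets in robots.txt: each one advertises a path meant to stay hidden."""
    with open(robots_path, encoding="utf-8", errors="replace") as fh:
        fields = [line.split("#", 1)[0].partition(":") for line in fh]
    return [v.strip() for k, _, v in fields
            if k.strip().lower() == "disallow" and v.strip() not in ("", "/")]

def audit_docroot(docroot):
    """Return sorted (kind, path) findings for content the web server could hand out."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for d in [d for d in dirnames if d in VCS_DIRS]:
            findings.append(("vcs-metadata", os.path.relpath(os.path.join(dirpath, d), docroot)))
            dirnames.remove(d)  # no need to descend into the repository itself
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            if name.endswith(BACKUP_SUFFIXES):
                findings.append(("backup-copy", rel))
            elif name in DEBUG_FILES:
                findings.append(("debug-page", rel))
            elif name == "robots.txt":
                findings += [("robots-disallow", p) for p in disallowed_paths(full)]
    return sorted(findings)

def audit_sample():
    """Build a constructed docroot (not from any real site) and audit it."""
    files = {
        "index.php": "<?php echo 'hi';",
        "index.php~": "<?php // editor backup",
        "admin/config.php.bak": "<?php // old config",
        "phpinfo.php": "<?php phpinfo();",
        "robots.txt": "User-agent: *\nDisallow: /backup-area/  # constructed\nDisallow:\n",
        ".git/HEAD": "ref: refs/heads/main\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_docroot(root)
```

Point `audit_docroot` at the directory the web server actually serves, for example in a deploy pipeline, and fail the build on any finding.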

insecure config

Try using the HTTP TRACE method to discover undocumented headers.


40397ac9 (main) : 2023-01-11T20:40:16+01:00