[infosecinstitute] Exploiting by Information Disclosure, Part 1

Information disclosure is considered to be a serious threat, wherein an application reveals too much sensitive information, such as mechanical details of the environment, web application, or user-specific data. Subtle data may be used by an attacker to exploit the target hosting network, web application, or its users. Therefore, leakage of sensitive data should be limited or prevented whenever possible. This paper is intended to unfold the information disclosure bugs in software or websites which can be utilized by attackers to unveil sensitive data or even exploit other applications of the machine, and it is dedicated to newbies, developers, and experienced professionals to get them to understand how to shield from this attack, because they are limited to coding and functionality implementation for the software. In fact, a software developer doesn’t have knowledge or awareness about information security framework. Hence they usually don’t think like a hacker and will leave such bugs inadvertently, which are exploited by intruders later.