Introduction :
Information disclosure is when a website unintentionally reveals sensitive information to its users
Testing :
Test 1 ( trying to reach hidden paths through the robots.txt file ):
Most websites have a file called robots.txt ( not necessarily every website ) which tells search engine crawlers which paths they should not crawl or index
It can be accessed by adding /robots.txt to the site root, e.g. : example.com/robots.txt
Note : make sure to be on the main page of the site before adding /robots.txt
Ex :
in the robots.txt we can see an entry for
/backup
which means that path is hidden from search engines ( robots.txt does not stop a user from requesting it directly )
So try to load that path directly in the browser ( example.com/backup ) :
If security is bad it will show up :
and inside it we find another file, so try to open it the same way :
and we see that we can actually access the source code, which is written in Java and contains a lot of valuable information ; we can also see that the website is using PostgreSQL
NOTE : try to read the code to see what's going on, or copy paste it to ChatGPT
But robots.txt does not list every accessible file, so we can use a tool to discover hidden files
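As an added example ( not part of the original notes ), here is a small self-check a site owner can run against their own robots.txt: it parses the Disallow entries, keeps the ones whose names suggest backups, source or config, and reports which of them the server still serves with HTTP 200. The robots.txt text, the SENSITIVE_MARKERS list and the fake_fetch stand-in for an HTTP client are all constructed for the demo.

```python
"""Audit robots.txt Disallow entries for backup/source paths that are still reachable.

Added example, not code from the original notes. robots.txt only stops
well-behaved crawlers, so a Disallow'd backup path that answers 200 is a finding.
"""
import re
from typing import Callable, Dict, List

# Path fragments that commonly indicate backup, source or config artefacts (assumed list).
SENSITIVE_MARKERS = ("backup", ".bak", ".old", ".zip", ".tar", ".sql", ".git", "admin", "config")

# Constructed sample robots.txt for the demo (not a real site's file).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /backup
Disallow: /admin-panel
Allow: /
Sitemap: https://example.com/sitemap.xml
"""

def parse_disallowed(robots_text: str) -> List[str]:
    """Return the Disallow paths, deduplicated, in order of appearance."""
    paths: List[str] = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and whitespace
        m = re.match(r"(?i)disallow\s*:\s*(\S+)", line)
        if m and m.group(1) != "/" and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths

def flag_sensitive(paths: List[str]) -> List[str]:
    """Keep only paths whose name suggests backups, source or config."""
    return [p for p in paths if any(k in p.lower() for k in SENSITIVE_MARKERS)]

def exposed_paths(robots_text: str, fetch: Callable[[str], int]) -> List[str]:
    """Paths robots.txt hides from crawlers but the server still serves (HTTP 200)."""
    return [p for p in flag_sensitive(parse_disallowed(robots_text)) if fetch(p) == 200]

# Constructed stand-in for an HTTP client: maps path -> status code the server would return.
FAKE_SITE: Dict[str, int] = {"/backup": 200, "/admin-panel": 401}

def fake_fetch(path: str) -> int:
    return FAKE_SITE.get(path, 404)

if __name__ == "__main__":
    for p in exposed_paths(SAMPLE_ROBOTS, fake_fetch):
        print(f"exposed: {p}  (move it out of the web root or require authentication)")
```

Swap fake_fetch for a real client that returns the status code of a GET on your own site to run this as a routine check.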