Information Disclosure

Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users (and therefore to anyone who cares to look). Common sources include:

  • Files for web crawlers (/robots.txt or /sitemap.xml, which often list paths the owner would rather not advertise)

  • Directory listings

  • Developer comments

  • Error messages

  • Debugging data

  • Source code disclosure via backup files (e.g. appending a tilde ~ to a filename, as in index.php~, to retrieve an editor-generated backup copy that the server returns as plain text instead of executing; .bak, .old and vim .swp variants are worth the same check)

  • Insecure configuration (e.g. the HTTP TRACE method left enabled: it echoes the request as received, so it reveals headers a reverse proxy or front-end adds on the way in, such as the name of internal authentication headers)

  • Version control history (such as Git, /.git)
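As an added, offline-runnable example (not code from the original page), the following Python sketch checks a site for several of the sources above: robots.txt Disallow entries, an exposed /.git/HEAD, editor backup copies of source files, directory listings, and headers a front-end injects that TRACE echoes back. The target is a constructed in-memory fake: FAKE_SITE, fake_fetch and every path, header value and file body in them are made up for the example. To run it against a real host, pass a fetcher that actually performs the request.

```python
"""Offline checks for the information-disclosure sources listed above."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass
class Response:
    status: int
    headers: dict[str, str]
    body: str


# A fetcher is anything that performs an HTTP request; injecting it keeps the
# checks testable offline and lets a real run swap in urllib or requests.
Fetcher = Callable[[str, str, dict[str, str]], Response]

BACKUP_SUFFIXES = ("~", ".bak", ".old", ".orig", ".save")  # hypothetical, extend as needed


def backup_candidates(path: str) -> list[str]:
    """Editor/backup variants of a source path, e.g. /index.php -> /index.php~."""
    directory, _, name = path.rpartition("/")
    candidates = [path + suffix for suffix in BACKUP_SUFFIXES]
    candidates.append(f"{directory}/.{name}.swp")  # vim swap files are dot-prefixed
    return candidates


def disallowed_paths(robots_txt: str) -> list[str]:
    """Disallow entries: paths the owner wants crawlers to skip, i.e. worth a look."""
    paths = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def is_git_head(body: str) -> bool:
    """A readable .git/HEAD is a symbolic ref or a bare 40-hex commit id."""
    text = body.strip()
    return text.startswith("ref: refs/heads/") or (
        len(text) == 40 and all(c in "0123456789abcdef" for c in text))


def is_directory_listing(body: str) -> bool:
    """Markers emitted by Apache ('Index of /') and Python's http.server."""
    return "Index of /" in body or "Directory listing for" in body


def injected_headers(sent: dict[str, str], trace_body: str) -> dict[str, str]:
    """Headers echoed by TRACE that we never sent: added by a proxy or front-end."""
    echoed = {}
    for line in trace_body.splitlines()[1:]:  # skip the echoed request line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        echoed[name.strip().lower()] = value.strip()
    sent_names = {k.lower() for k in sent}
    return {k: v for k, v in echoed.items() if k not in sent_names}


def scan(fetch: Fetcher, source_paths: Iterable[str], directories: Iterable[str]) -> list[str]:
    findings = []
    # Baseline for a path that should not exist, so soft-404 pages are not reported.
    baseline = fetch("GET", "/definitely-not-here-5f3a9c", {})

    robots = fetch("GET", "/robots.txt", {})
    if robots.status == 200:
        findings += [f"robots.txt hides {p}" for p in disallowed_paths(robots.body)]

    head = fetch("GET", "/.git/HEAD", {})
    if head.status == 200 and is_git_head(head.body):
        findings.append("exposed git repository: /.git/HEAD")

    for path in source_paths:
        for candidate in backup_candidates(path):
            r = fetch("GET", candidate, {})
            if r.status == 200 and r.body != baseline.body:
                findings.append(f"backup file discloses source: {candidate}")

    for directory in directories:
        r = fetch("GET", directory, {})
        if r.status == 200 and is_directory_listing(r.body):
            findings.append(f"directory listing enabled: {directory}")

    sent = {"Host": "example.test", "X-Probe": "1"}
    trace = fetch("TRACE", "/", sent)
    if trace.status == 200:
        for name, value in injected_headers(sent, trace.body).items():
            findings.append(f"TRACE reveals internal header {name}: {value}")
    return findings


# Constructed stand-in for a target site; every path, header and body is made up.
FAKE_SITE = {
    ("GET", "/robots.txt"): Response(200, {}, "User-agent: *\nDisallow: /admin/\nDisallow: /backup/  # old dumps\n"),
    ("GET", "/.git/HEAD"): Response(200, {}, "ref: refs/heads/main\n"),
    ("GET", "/index.php~"): Response(200, {"Content-Type": "application/octet-stream"},
                                     "<?php $db_pass = 'hunter2'; ?>"),
    ("GET", "/uploads/"): Response(200, {}, "<html><title>Index of /uploads</title></html>"),
}


def fake_fetch(method: str, path: str, headers: dict[str, str]) -> Response:
    if method == "TRACE":
        # The constructed front-end echoes the request after adding an internal auth header.
        lines = [f"TRACE {path} HTTP/1.1"]
        lines += [f"{k}: {v}" for k, v in headers.items()]
        lines += ["X-Internal-Auth: user=anonymous;role=guest", "", ""]
        return Response(200, {"Content-Type": "message/http"}, "\r\n".join(lines))
    return FAKE_SITE.get((method, path), Response(404, {}, "Not Found"))


if __name__ == "__main__":
    for finding in scan(fake_fetch, ["/index.php"], ["/uploads/"]):
        print(finding)
```

Two practical notes: the soft-404 baseline matters because many sites answer every unknown path with 200 and a friendly page, which would otherwise make every backup candidate look like a hit; and a readable /.git/HEAD is only the confirmation step, since the real loss is that the objects and refs under /.git can then be pulled to reconstruct the source history.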
