Critical File Found
Summary:
A critical file finding means that a web server or web application exposes a file that contains sensitive information and can be used for further attacks. This includes files holding database passwords, web server authentication data, critical business logic information, etc.
This is also one of the most common issues found on websites. To find this vulnerability, I have made a file that contains 5000+ critical files that could be found on websites.
How to find this vulnerability?
1. Go to your target website, for example: www.target.com
2. Add the identifier at the end of the URL, like: www.target.com/idfn
3. Hit enter and capture the request using Burp Suite
4. Send the request to Intruder and click on Clear
5. Select the idfn (identifier) and click on Add
6. Go to the payload section, select the option Runtime file and add the payload file
7. Click on Start attack and check for Status 200, which means the file has been found
8. Check the file
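Seen from the server side, the steps above show up in the access log as one client requesting many sensitive file names in a short time, and any of those requests answered with 200 is a file that needs to be removed or blocked. The following is an added example, not part of the original post; the combined log format, the watch-list patterns, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /.htpasswd HTTP/1.1" 403 153 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /backup.sql HTTP/1.1" 200 48211 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /config.php.bak HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"
198.51.100.4 - - [10/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
198.51.100.4 - - [10/Jan/2024:10:00:05 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "-"
"""

# Assumed log layout: client IP, two fields, [timestamp], "METHOD target PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

# Assumed watch-list of sensitive names; extend it with what your own stack uses.
SENSITIVE_RE = re.compile(
    r"(?:^|/)\.(?:env|htpasswd|git/)|\.(?:sql|bak|old|swp)$", re.IGNORECASE)


def analyse(log_text, min_probes=3):
    """Return (scanners, exposed): clients probing >= min_probes distinct
    sensitive paths, and the sensitive paths the server answered with 200."""
    probes = defaultdict(set)
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if not SENSITIVE_RE.search(path):
            continue
        probes[ip].add(path)
        if status == "200":
            exposed.add(path)  # the file exists and was served
    scanners = {ip: len(p) for ip, p in probes.items() if len(p) >= min_probes}
    return scanners, sorted(exposed)


if __name__ == "__main__":
    scanners, exposed = analyse(SAMPLE_LOG)
    print("likely enumeration from:", scanners)
    print("sensitive files served (fix these first):", exposed)
```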
NOTE: If anyone wants the payload file, send me your email on Instagram.
Thank you :)
Instagram : jerry._.3