Title:

Possible Internal Path Disclosure in the webpage. This can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Vulnerability:

Full Path Disclosure vulnerability enables an attacker to see the full path of record and the exploiter can utilize this data for misusing some different vulnerability like Local File Inclusion.

Ex: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\en\events_detail.php on line 47

This vulnerability if exploited could lead to Directory transversal which could lead for an attacker to gain read only access to root or other directories and ultimately to the web server.
Ex:
example.com/load.php?file=image.jpg                                 example.com/load.php?file=../../secret/key.txt
example.com/admin/uploads/images/image.jpg                             example.com/admin/secret/key.txt      

Full Path Disclosure can likewise be utilized to uncover the underlaying OS by observing the path in the error. Windows for example dependably begin with a drive-letter, e.g; C:\, while Unix based OS tend to begin with a single front slash.

The threat with respect to FPD may create different results. Ex, if the webroot is getting accessible, exploiters may exploit the information and utilize it in combination with file inclusion vulnerabilities to take config documents regarding the web application or the rest of the operating system.

Solution:

Wordpress full path disclosure vulnerability:

  • for Dedicated/VPS designs it's more probable in /etc/php.ini
  • for shared hosting it ought to be in the root folder (public_html). It is only an extra ini documents which over-burdens the fundamental php.ini settings. In the event that there isn't there you may need to make it.

display_errors = 0
display_errors = Off
Disabling Warning and Errors in .htaccess file
this method is applied to the .htaccess file in the root folder of the wordpress installation. Then you only have to add the following line if php is installed as an apache module:
php_flag display_errors off

Disabling Warning and Errors in php file
If we add it in the wp-config.php file it will work in many scenarios, but now if someone is invoking http://site.com/wp-includes/rss.php. In this case wp-config is not called, our configuration is not picked up, so as a result, a warning will be fired, exposing the internal structure. This option would work if it would be added in all the php files, which obviously is not a solution.
ini_set('display_errors','Off');
When the configuration is done, you can use the phpinfo() method to check if it’s done. After finishing it, remember to delete the phpinfo file.

display_errors

Off

Off

display_startup_error

Off

Off

 

Configure 500 error to all custom pages of web application.