[Possible] Internal Path Disclosure (Windows)
Description
This vulnerability occurs when a web application reveals absolute file system paths of the Windows server (for example the IIS web root under C:\inetpub\wwwroot\, or a UNC share such as \\server\share\) in its responses. Such paths typically surface in unhandled exception pages (the ASP.NET "Server Error in '/' Application" page), stack traces, compiler errors, debug output, verbose JSON error bodies, HTML comments, or HTTP headers. A disclosed path tells an attacker the drive layout, the web root, the application and source file names and often the framework version in use, which is exactly what is needed to turn blind path traversal, local file inclusion, arbitrary file write or source code disclosure attempts into precise ones. The finding is marked [Possible] because a string that looks like a Windows path (a drive letter followed by a backslash) can also be legitimate page content, so each hit should be confirmed manually before it is reported as a confirmed leak.
Remediation
Implement the following measures to prevent internal path disclosure:
1. Configure Custom Error Pages:
Replace detailed error messages with generic error pages that do not expose system information. Note that customErrors only governs requests handled by ASP.NET; errors raised by IIS itself (static-file 404s, configuration errors such as 500.19) are controlled by the httpErrors element under system.webServer, which must likewise be set to a custom error mode, otherwise the IIS detailed error page still reveals the physical path of the requested file.
// ASP.NET web.config example
<system.web>
  <!-- mode="On" hides details from every client. "RemoteOnly" still shows the full
       error page to requests from localhost, which is only acceptable if nothing can
       be made to proxy a request through the server itself. Never use mode="Off".
       redirectMode="ResponseRewrite" serves the error page in place instead of a 302
       redirect that puts the failing URL in the aspxerrorpath query string; set the
       status code inside the error page if clients need the original 404/500. -->
  <customErrors mode="On" defaultRedirect="~/Error.html" redirectMode="ResponseRewrite">
    <error statusCode="404" redirect="~/NotFound.html"/>
    <error statusCode="500" redirect="~/ServerError.html"/>
  </customErrors>
</system.web>
2. Disable Debug Mode in Production:
Ensure debug and verbose error reporting are disabled in production environments. A debug build embeds source file paths and line numbers in every stack trace, so even an exception that is caught, logged and later echoed carries the physical path. On shared or hardened hosts, <deployment retail="true"/> in machine.config forces debug off, tracing off and custom errors on for every application on the machine. For ASP.NET Core the equivalent is to never run with ASPNETCORE_ENVIRONMENT set to Development in production and to call app.UseDeveloperExceptionPage() only inside an IsDevelopment() check.
// ASP.NET web.config
<system.web>
  <compilation debug="false"/>
  <trace enabled="false"/>
</system.web>
3. Implement Centralized Error Handling:
Log detailed error information server-side while displaying sanitized messages to users. In ASP.NET Core, register this once with app.UseExceptionHandler("/Error") rather than repeating try/catch in every action, so that no code path can fall through to the framework's own exception output.
// C# example (assumes an injected ILogger<T> named _logger)
try
{
    // Application code
}
catch (Exception ex)
{
    // ex.ToString() carries the stack trace and physical source paths; it belongs in the server-side log only
    _logger.LogError(ex, "Unhandled exception while processing request");
    // Never return ex.Message, ex.StackTrace or ex.ToString() to the client
    return "An error occurred. Please contact support.";
}
4. Review and Sanitize Output:
Audit application responses, including HTML comments, HTTP headers (Server, X-Powered-By, X-AspNet-Version, X-AspNetMvc-Version), JSON error bodies, and debug output, to ensure no file paths are exposed. Remove the version headers with <httpRuntime enableVersionHeader="false"/> and a <remove name="X-Powered-By"/> entry under httpProtocol/customHeaders in web.config. When grepping responses, look for drive-letter patterns (C:\) and UNC patterns (\\server\share), and remember that a backslash appears as \\ inside JSON strings, as &#92; when HTML-entity encoded, and as %5C when percent-encoded.
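The following is an added example, not code from the original page or from any scanner, of the audit in step 4: it scans a captured HTTP response for Windows drive and UNC paths in the body and headers, decoding HTML entities and percent-encoding first and tolerating JSON-escaped backslashes, flags the version headers named above, and offers a last-resort scrubber for any text that must reach the client. The regexes, the header list and the sample response are constructed here for illustration.

```python
"""Response auditor for step 4 (added example, not from the original page).

Scans a captured HTTP response for Windows file-system paths in the body and
headers, flags version-revealing headers, and offers a last-resort scrubber.
The regexes and the sample response are constructed here for illustration."""
import html
import re
import urllib.parse

# One path component: no separators, no NTFS-reserved characters, no quotes,
# no whitespace (so "C:\Program Files\x" reports as "C:\Program": still a hit).
_SEG = r'''[^\\/:*?"'<>|\s]+'''
# A separator is "\" in plain text but "\\" inside a JSON string literal.
_SEP = r'\\{1,2}'
# Drive path: letter, colon, separator, components. The lookbehind stops a
# match from starting in the middle of a word such as "ABC:\".
DRIVE_PATH = re.compile(
    r'(?<![A-Za-z0-9])[A-Za-z]:' + _SEP + r'(?:' + _SEG + _SEP + r')*(?:' + _SEG + r')?'
)
# UNC path: \\server\share\... (2 to 4 leading backslashes to cover JSON
# escaping). Excluding ':' from the lookbehind keeps the tail of a drive path
# from being reported a second time as a UNC path.
UNC_PATH = re.compile(r'(?<![\w\\:])\\{2,4}' + _SEG + r'(?:' + _SEP + _SEG + r')+')

# Headers that reveal server or framework versions (same audit, different leak).
VERSION_HEADERS = ('server', 'x-powered-by', 'x-aspnet-version', 'x-aspnetmvc-version')


def find_paths(text):
    """Return the distinct Windows paths in text, in order of appearance.

    HTML entities (&#92;) and percent-encoding (%5C) are decoded first, because
    an attacker reading the response will decode them too; JSON escaping is
    handled by the regexes themselves."""
    decoded = urllib.parse.unquote(html.unescape(text))
    found = []
    for rx in (DRIVE_PATH, UNC_PATH):
        for m in rx.finditer(decoded):
            if m.group(0) not in found:
                found.append(m.group(0))
    return found


def scan_response(headers, body):
    """Audit one response; returns a list of (location, detail) findings."""
    findings = []
    for name, value in headers.items():
        if name.lower() in VERSION_HEADERS:
            findings.append(('header:' + name, value))
        for path in find_paths(value):
            findings.append(('header:' + name, path))
    for path in find_paths(body):
        findings.append(('body', path))
    return findings


def redact(text, placeholder='[path removed]'):
    """Replace any Windows path in text with a placeholder.

    Defence in depth for a message that must reach the client; the real fix
    is to never put exception text in the response at all."""
    return DRIVE_PATH.sub(placeholder, UNC_PATH.sub(placeholder, text))


# Constructed sample: a debug-style error page, a JSON error inside an HTML
# comment, an entity-encoded UNC path, and two version headers.
SAMPLE_HEADERS = {
    'Content-Type': 'text/html',
    'Server': 'Microsoft-IIS/10.0',
    'X-AspNet-Version': '4.0.30319',
}
SAMPLE_BODY = (
    "<h2>Server Error in '/' Application.</h2>\n"
    "<b>Source File:</b> C:\\inetpub\\wwwroot\\App\\Default.aspx.cs  <b>Line:</b> 42\n"
    "<!-- {\"error\":\"Could not find file 'C:\\\\inetpub\\\\wwwroot\\\\App_Data\\\\site.mdf'\"} -->\n"
    "<p>Share: \\\\fileserver\\backups&#92;web.config</p>\n"
)

if __name__ == '__main__':
    for location, detail in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f'{location}: {detail}')
    print(redact("Could not find file 'C:\\inetpub\\wwwroot\\App_Data\\site.mdf'."))
```

Run it against a saved response (for example the body of a deliberately triggered 500) rather than live traffic first; every hit is a [Possible] finding that still needs a human look, since a drive-letter pattern can occur in legitimate content.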