Local File Disclosure Vulnerability: A Case Study of Public-Sector Web Applications

M. Imran Ahmed, Md Maruf Hassan, Touhid Bhuiyan

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)

Abstract

Almost all public-sector organisations in Bangladesh now offer online services through web applications, along with the existing channels, in their endeavour to realise the dream of a ‘Digital Bangladesh’. Nations across the world have joined the online environment thanks to training and awareness initiatives by their government. File sharing and downloading activities using web applications have now become very common, not only ensuring the easy distribution of different types of files and documents but also enormously reducing the time and effort of users. Although the online services that are being used frequently have made users’ life easier, it has increased the risk of exploitation of local file disclosure (LFD) vulnerability in the web applications of different public-sector organisations due to unsecure design and careless coding. This paper analyses the root cause of LFD vulnerability, its exploitation techniques, and its impact on 129 public-sector websites in Bangladesh by examining the use of manual black box testing approach.
Original languageEnglish
Article number012011
JournalJournal of Physics: Conference Series
Volume933
Issue number1
DOIs
Publication statusPublished - 3 Jan 2018
Externally publishedYes

Fingerprint

Dive into the research topics of 'Local File Disclosure Vulnerability: A Case Study of Public-Sector Web Applications'. Together they form a unique fingerprint.

Cite this