Local File Disclosure Vulnerability: A Case Study of Public-Sector Web Applications

Abstract

Abstract Almost all public-sector organizations in Bangladesh now offer online services through web applications, along with the existing channels, in their endeavor to realize the dream of a 'Digital Bangladesh'. Nations across the world have joined the online environment thanks to training and awareness initiatives by their government. File sharing and downloading activities using web applications have now become very common, not only ensuring the easy distribution of different types of files and documents but also enormously reducing the time and effort of users. Although the online services that are being used frequently have made users' life easier, it has increased the risk of exploitation of local file disclosure (LFD) vulnerability in the web applications of different public-sector organizations due to unsecure design and careless coding. This paper analyses the root cause of LFD vulnerability, its exploitation techniques, and its impact on 129 public-sector websites in Bangladesh by examining the use of manual black box testing approach.