Table of the Content

In conjuction with @0a_yso

https://twitter.com/0a_yso/status/1343205555599532032

Information disclosure [robots.txt]

FLAG: flag{48104912-28b0-494a-9995-a203d1e261e7}

Impact Rationale

An attacker would be able to obtain sensitive information "flag" and hidden directory which also contains sensitive information.

Difficulty Rationale

An attacker needs to find the robots.txt file.

Description

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site that robots are allowed, or not allowed, to crawl and index. The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Observation

We observed that robots.txt file contains sensitive information:

User-agent: *
Disallow: /s3cr3t-ar3a
Flag: flag{48104912-28b0-494a-9995-a203d1e261e7}

Recommendation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honor the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorized access.

Location