Updated: Feb 14, 2020
Critical File Vulnerability means if a web server/web application having any file that contains some kind of information that may be used for further attacking.
EG: admin page, database, address book of users, etc.
Let us consider "www.xyz.com" as an example :
Most of the website has the following syntax for files:
Therefore we need to set payload in burpsuite after ' / '. STEPS: 1. Go to www.xyz.com/abc ( where abc will work as an identifier for us). 2. Keep Intercept on in burpsuite and refresh the page. So you find something like: GET /abc ....... (and all) (In burpsuite) 3. Right-click and send to the intruder. 4. In the intruder section, you will find a clear button on the right side. Click that to clear all payload. 5. Select abc( or identifier you wrote) and click on add. ( This will give burpsuite a field where the attack is to be performed) 6.Set payload 7.Start Attack. 8. If in result you get status code as 200 then it means the file is found. 9. Right-click on that file and click on show response in browser to check what the output is.
PS: TO GET PAYLOAD LIST, SEND A CHAT TO ME!