4.7. File reading

Consider reading files that may contain sensitive information:

  • Sensitive files in user directory
    • .bash_history

    • .zsh_history

    • .profile

    • .bashrc

    • .gitconfig

    • .viminfo

    • passwd

  • Application configuration files
    • /etc/apache2/apache2.conf

    • /etc/nginx/nginx.conf

  • Application log files
    • /var/log/apache2/access.log

    • /var/log/nginx/access.log

  • Sensitive files under site directory
    • .svn/entries

    • .git/HEAD

    • WEB-INF/web.xml

    • .htaccess

  • Special backup files
    • .swp

    • .swo

    • .bak

    • index.php~

  • Python cache
    • __pycache__\__init__.cpython-35.pyc
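
The site-directory, backup-file and Python cache entries above can be turned into a pre-deployment check. The following is an added example, not part of the original notes: it walks a local web root and reports files matching those entries. The function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Patterns taken from the list above, matched against paths relative to the
# web root (forward slashes). A hit means "review whether this is served".
EXACT_SUFFIXES = (".svn/entries", ".git/HEAD", "WEB-INF/web.xml", ".htaccess")
NAME_GLOBS = ("*.swp", "*.swo", "*.bak", "*~")


def audit_webroot(root):
    """Return sorted relative paths under root that match the list above."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if (
                any(rel == s or rel.endswith("/" + s) for s in EXACT_SUFFIXES)
                or any(fnmatch.fnmatchcase(name, g) for g in NAME_GLOBS)
                or ("__pycache__" in rel.split("/") and name.endswith(".pyc"))
            ):
                findings.append(rel)
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample web root for demonstration."""
    files = [
        "index.php", "index.php~", "config.php.bak", ".index.php.swp",
        ".git/HEAD", ".svn/entries", "app/WEB-INF/web.xml", ".htaccess",
        "lib/__pycache__/__init__.cpython-35.pyc", "static/site.css",
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


def demo():
    """Audit the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_webroot(tmp)


if __name__ == "__main__":
    for hit in demo():
        print("exposed candidate:", hit)
```

A hit only shows the file exists under the web root; whether it is reachable depends on the server's access rules, so confirm those separately.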