Full Path Disclosure

Overview
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file query to view page sources require the attacker to have the full path to the file they wish to view.

Severity
Low to Medium (circumstantial)

Exploit Likely-Hood
Extremely High

Examples
'''Empty Array ''' If we have a site that uses a method of requesting a page like this: http://site.com/index.php?page=about We can use a method of opening and closing braces and causing the page to output an error. This method would look like this: http://site.com/index.php?page[]=about This renders the page defunct thus spitting out an error: Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84 Warning: pg_num_rows: supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131