Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
Detail

Backup Source Code Detected

Severity: High

Summary

Netsparker detected backup source code on your web server.

Impact
Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks:
  • Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database.
  • Access password protected administrative mechanisms such as "dashboard", "management console" and "admin panel" potentially leading to full control of the application.
  • Develop further attacks by investigating the source code for input validation errors and logic vulnerabilities.
Actions To Take

Remove all temporary and backup files.

Required Skills for Successful Exploitation
This is dependent on the information obtained from source code. Uncovering these forms of vulnerabilities does not require high levels of skills. However, a highly skilled attacker could leverage this form of vulnerability to obtain account information for databases or administrative panels, ultimately leading to control of the application or even the host the application resides on.
Classifications
PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-530, ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Netsparker Security Insights
Helpful Use Cases
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

code  OWASP 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd

  • 220 Industrial Blvd Ste 102
    Austin, TX 78745
Copyright © 2020 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap