Database Name Disclosure (MySQL)

Summary

Netsparker identified a database name disclosure (MySQL) in the error message.

Impact

An attacker can perform brute-force or dictionary-based password guessing on the disclosed database name. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.

Remediation

Error messages should be disabled.
Remove this kind of sensitive data from the output.

Classifications

PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Information

Search Vulnerability

Related Vulnerabilities

Database User Has Admin Privileges
Out-of-date Version (MySQL)
Stack Trace Disclosure (ASP.NET)
Version Disclosure (Apache)
Version Disclosure (Perl)

;

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

Database Name Disclosure (MySQL)

NETSPARKER

WEB SECURITY

COMPANY

Netsparker Ltd