Severity: Information
Netsparker detected a possible ASP.NET configuration file (web.config
).
web.config
file, database connection strings, username and passwords, the internal workings, used and referenced libraries and business logic of application might be revealed. With such information, an attacker can mount the following types of attacks:web.config
file is actually the web application's web.config
file.web.config
file, change your configuration to prevent public users from accessing it. If it is not, then remove it from the web server.