Netsparker identified a web page that discloses PHP (server side) source code. An attacker can obtain server side source code of web application, which can contain sensitive data such as database connection strings, usernames and passwords along with the technical and business logic of the application.
Depending on the source code, database connection strings, username and passwords, internal workings and business logic of application can be revealed. With such information an attacker can mount the following types of attacks:
Actions to Take
Required skills for successful exploitation
This is dependent on the information obtained from source code. Uncovering these forms of vulnerabilities does not require high levels of skills. However a highly skilled attacker could leverage this form of vulnerability to obtain account information for databases or administrative panels, ultimately leading to control of the application or even the host the application reside on.