Global.asa backup file found

Description

Kayran has detected a ‘Global.asa’ file in your system.
Global.asa is an optional file that can be used to specify event scripts and declare objects that have session or application scope.
The Global.asa file is usually not accessible, since web servers restrict access to it.

This finding is categorized as an ‘Insertion of Sensitive Information into Externally-Accessible File or Directory’ vulnerability (CWE-538).
In this category, products place sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information itself.

This backup file may contain sensitive information, such as database credentials and sensitive source code snippets.

This is an information disclosure issue, which could assist attackers in performing attacks against your assets.

Recommendation

Make sure that access to the ‘Global.asa’ file is restricted so that only authorized actors can access it.
Alternatively, remove the file from the system entirely.
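
To act on this recommendation you first need to know where the file and its copies live. The following is an added example, not Kayran's own code: a local audit that walks a web root and lists Global.asa and any copies of it, noting which ones contain credential-like settings. The function names, the credential heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Matches Global.asa and copies of it (global.asa.bak, Global.asa.old, ...),
# but not ASP.NET's unrelated global.asax.
NAME_RE = re.compile(r"global\.asa(?!x)", re.IGNORECASE)
# Assumed heuristic for credential-like settings; tune for your code base.
SECRET_RE = re.compile(rb"(password|pwd|user id|uid)\s*=", re.IGNORECASE)

def find_global_asa_copies(web_root):
    """Return one finding per Global.asa file or copy under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not NAME_RE.search(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # inspect at most 1 MiB
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            findings.append({
                "path": rel,
                # Copies under another name are the backup files this finding is about.
                "is_copy": name.lower() != "global.asa",
                "has_secret_hint": bool(SECRET_RE.search(data)),
            })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_root():
    """Create a constructed sample web root in a temporary directory."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.mkdir(os.path.join(root, "backup"))
    conn = b'connStr = "Provider=SQLOLEDB;User ID=app;Password=CONSTRUCTED"\n'
    samples = {
        "global.asa": conn,
        "global.asa.bak": conn,
        "backup/Global.asa.old": b"' event scripts only\n",
        "global.asax": conn,  # ASP.NET file, must be ignored
        "default.asp": b"<% Response.Write(1) %>\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for finding in find_global_asa_copies(build_sample_root()):
        print(finding)
```

Every entry with `is_copy` set is a candidate for removal, and any entry with `has_secret_hint` set means the credentials it holds should be treated as exposed and rotated.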

References

https://cwe.mitre.org/data/definitions/538.html
