.idea Project Directory

Description

During the scan, Kayran managed to find the “.idea Project Directory” Vulnerability.
The “.idea” directory contains configuration files (of .XML type), these files may lead the attacker to your database and credentials, it can contain sensitive data such as : the location of your Windows directory, your saved personal settings, and many more.
These files should not exist on the production system.

These files might contain sensitive information which may assist a certain attacker to perform more advanced attacks, harming your web assets in a much greater extent.

Recommendation

Remove these files from any production related systems, or, restrict the access to this folder so that only authorized personal have access to it.

References

https://kayran.io/blog/blog/information-disclosure-self-revealing-our-secrets/

< Return to all Vulnerabilities

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »