Possible sensitive files

Description

During the scan, Kayran found files that may be sensitive and are publicly exposed. This allows an attacker to view and even download these files.

An attacker could access these sensitive files and use the information they contain in order to perform reconnaissance actions against the website’s infrastructure and sensitive data that the website might hold.

Revealing this information (Information Disclosure) makes it easy for an attacker to see which versions of plugins and components are installed, which helps them find attack vectors more easily.

Recommendation

To prevent this vulnerability, restrict access to these files so that users without permission can’t access them, or remove them from the website completely.
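
One way to find candidates for removal or access restriction is to audit the web root on the server itself. The script below is an added example, not part of Kayran or its output; the pattern list, function names and sample directory layout are assumptions chosen for illustration.

```python
import fnmatch
import os
import tempfile

# Assumed patterns (not from the page): names that commonly leak
# configuration, source history, backups or component versions.
SENSITIVE_PATTERNS = [
    ".env", ".git", ".htpasswd", "*.bak", "*.old", "*.sql", "*.log",
    "composer.lock", "phpinfo.php",
]

def _matches(name, patterns):
    return any(fnmatch.fnmatch(name.lower(), p) for p in patterns)

def find_sensitive_files(web_root, patterns=SENSITIVE_PATTERNS):
    """Return sorted paths (relative to web_root) whose name matches a pattern."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in list(dirnames) + filenames:
            if _matches(name, patterns):
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                hits.append(rel.replace(os.sep, "/"))
        # A matched directory (e.g. .git) is itself the finding; do not descend.
        dirnames[:] = [d for d in dirnames if not _matches(d, patterns)]
    return sorted(hits)

def build_sample_root(root):
    """Create a constructed sample web root for the demonstration."""
    layout = ["index.html", ".env", "backup/site.sql", "css/main.css",
              ".git/config", "wp-config.php.bak", "js/app.js"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

def demo():
    """Run the audit against the constructed sample web root."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        return find_sensitive_files(root)

if __name__ == "__main__":
    for path in demo():
        print("restrict or remove:", path)
```

Each reported path should either be deleted from the web root or denied in the web server configuration.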

References

https://cwe.mitre.org/data/definitions/200.html
