Possible Source Code Disclosure (PHP)

Description

During the scan, Kayran found a Possible Source Code Disclosure (PHP) vulnerability.
An attacker could obtain the server-side source code of the web application, which may contain highly sensitive data, such as database connection information and credentials, along with the logic behind the code and the business logic of the application.

The attacker might abuse this vulnerability to collect sensitive information about the system.
An attacker can use this information to perform more advanced attacks later on.

By obtaining the source code, the attacker can gain a deep understanding of the web application's logic and of how the application handles requests and their parameters, and can find vulnerabilities in the code and read its source code comments.

Recommendation

To prevent the Possible Source Code Disclosure (PHP) vulnerability, implement access control on non-public files and ensure that no code is left in comments. If possible, it is better to remove these files.
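One way to verify the recommendation on your own application is to check rendered responses for PHP source that reached the client. The check below is an added example, not Kayran's code; the function name, the regular expressions and the sample bodies are assumptions constructed for illustration.

```python
import re

# A PHP open tag in a response body means the file was served, not executed.
# The bare short tag "<?" is not matched, so "<?xml" stays clean.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Heuristic (assumption, tune per code base): PHP-looking statements in a comment.
# Inline JavaScript that uses "$name =" inside a comment will also match.
PHP_IN_COMMENT = re.compile(
    r"\$[A-Za-z_]\w*\s*(?:=|->|\[)"
    r"|\b(?:mysqli_connect|new\s+PDO|(?:include|require)(?:_once)?)\s*\("
)

def _line_of(body, pos):
    return body.count("\n", 0, pos) + 1

def find_php_disclosure(body):
    """Return findings for PHP source visible in an HTTP response body."""
    findings, comment_spans = [], []
    for m in HTML_COMMENT.finditer(body):
        comment_spans.append(m.span())
        inner = m.group(1)
        if PHP_OPEN_TAG.search(inner) or PHP_IN_COMMENT.search(inner):
            findings.append({"kind": "php_in_html_comment", "line": _line_of(body, m.start())})
    for m in PHP_OPEN_TAG.finditer(body):
        # Tags inside a comment were already reported above.
        if not any(start <= m.start() < end for start, end in comment_spans):
            findings.append({"kind": "raw_php_tag", "line": _line_of(body, m.start())})
    return sorted(findings, key=lambda f: f["line"])

# Constructed sample bodies (hosts and credentials are placeholders).
SAMPLE_CLEAN = '<?xml version="1.0"?>\n<html><body><!-- main nav --><p>Hello</p></body></html>'
SAMPLE_RAW = "<?php\n$db = new PDO('mysql:host=db.example.test', 'app', 'PLACEHOLDER');\n?>\n<html></html>"
SAMPLE_COMMENT = (
    "<html>\n<body>\n"
    "<!-- $conn = mysqli_connect('db.example.test', 'app', 'PLACEHOLDER'); -->\n"
    "<p>ok</p>\n</body></html>"
)

if __name__ == "__main__":
    for name, body in [("clean", SAMPLE_CLEAN), ("raw", SAMPLE_RAW), ("comment", SAMPLE_COMMENT)]:
        print(name, find_php_disclosure(body))
```

A `raw_php_tag` finding points at a file the server returned without executing, which is where access control or removal applies; a `php_in_html_comment` finding points at code left in a template comment.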

References

https://cwe.mitre.org/data/definitions/200.html
