Possible Source Code Disclosure (PHP)

Description

An attacker could obtain the web application's server-side source code, which may contain highly sensitive data (such as database connection details and credentials) along with the logic behind the code and the business logic of the application.

Business Impact

An attacker may use this vulnerability to collect sensitive information about the system. An attacker can use this information to conduct further attacks.

Recommendation

To prevent this finding, implement access control on non-public files and ensure that no code is left in comments. If possible, it is better to remove these files.
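
A check for the two leaks named in the recommendation, added here as an example (not part of the original finding): it scans an HTTP response body for unexecuted PHP opening tags and for PHP-like statements left in HTML comments. The function name, the hint patterns, and the sample bodies are assumptions constructed for illustration.

```python
import re

# Opening tags that never reach the client when PHP actually executes the file.
PHP_OPEN = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# HTML comments are sent to the browser verbatim, so leftover code in them leaks.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Heuristic signs of PHP statements (assumed list; tune for your codebase).
PHP_HINTS = re.compile(
    r"\$[A-Za-z_]\w*\s*(?:=|->|\[)"
    r"|\b(?:mysqli_connect|include|require|include_once|require_once)\s*\("
    r"|\bnew\s+PDO\s*\("
)


def _line_of(body, pos):
    return body.count("\n", 0, pos) + 1


def find_php_disclosure(body):
    """Return sorted (kind, line) findings for one HTTP response body."""
    findings = [("php_open_tag", _line_of(body, m.start()))
                for m in PHP_OPEN.finditer(body)]
    for m in HTML_COMMENT.finditer(body):
        inner = m.group(1)
        # A tag inside a comment was already reported above; only flag the rest.
        if not PHP_OPEN.search(inner) and PHP_HINTS.search(inner):
            findings.append(("code_in_comment", _line_of(body, m.start())))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample responses (not taken from any real application).
CLEAN = '<?xml version="1.0"?>\n<html><body><!-- navigation --><p>Hi</p></body></html>'
RAW_SOURCE = ('<html>\n<?php\n$db = new PDO("mysql:host=db.example.invalid", '
              '"app", "CONSTRUCTED");\n?>\n</html>')
COMMENTED = ('<html><body>\n<p>Login</p>\n'
             '<!-- $conn = mysqli_connect($host, $user, $pass); -->\n</body></html>')

if __name__ == "__main__":
    for name, body in [("clean", CLEAN), ("raw", RAW_SOURCE), ("commented", COMMENTED)]:
        print(name, find_php_disclosure(body))
```

The XML declaration in the clean sample is deliberately included: `<?xml` must not be reported as a PHP tag.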

More Details

By obtaining the source code, the attacker gains deeper knowledge of the logic behind the web application: how the application handles requests and their parameters, vulnerabilities in the code, and source code comments.

Reference

https://cwe.mitre.org/data/definitions/200.html
