Backup Source Code Detected
Invicti detected backup source code on your web server.
Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks:
- Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database.
- Access password protected administrative mechanisms such as "dashboard", "management console" and "admin panel" potentially leading to full control of the application.
- Develop further attacks by investigating the source code for input validation errors and logic vulnerabilities.
Actions To Take#
Remove all temporary and backup files.
Required Skills for Successful Exploitation#
This is dependent on the information obtained from source code. Uncovering these forms of vulnerabilities does not require high levels of skills. However, a highly skilled attacker could leverage this form of vulnerability to obtain account information for databases or administrative panels, ultimately leading to control of the application or even the host the application resides on.
Invicti Security Insights
- Picking up a clear signal at OWASP 2023 Global AppSec Dublin
- What is server-side request forgery (SSRF) and how can you prevent it?
- What the OWASP Top 10 2021 categories mean for OWASP compliance
- The new OWASP Top 10 is not what you think
- Invicti Supports the OWASP Lightning Event “How to Turn your Cybersecurity Hobby into a Career – An Introduction to Bug Bounties”