Script source code disclosure


It is possible to read the source code of this script by using script filename as a parameter. It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.

ShareShare on FacebookTweet about this on TwitterShare on Google+

An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to launch further attacks.

Analyse the source code of this script and solve the problem.

Source Code Disclosure Can Be Exploited On Your Website