Script source code disclosure

Published on 2004-03-27. Updated on 2009-04-22.

Description:
It is possible to read the source code of this script by passing the script's filename as a parameter. It seems that this script includes a file whose name is determined using user-supplied data. This data is not properly validated before being passed to the include function.

Impact:
An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to launch further attacks.

Recommendation:
Analyse the source code of this script and solve the problem.
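
One way to apply this recommendation, as an added example that is not part of the original advisory: the request value is treated as a key into a fixed allowlist and is never used as a file name. The parameter name page, the pages/ directory and the file names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: includable pages live in one directory next to this script.
const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: request value => file inside PAGE_DIR. Nothing else can be included.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Return the absolute path for an allowed page name, or null if the
 * name is not allowed or the file does not resolve inside $baseDir.
 */
function resolve_page(string $name, string $baseDir = PAGE_DIR, array $pages = PAGES): ?string
{
    // Exact-match lookup: the script's own filename, "../" sequences,
    // stream wrappers and absolute paths are not keys, so they are rejected.
    if (!array_key_exists($name, $pages)) {
        return null;
    }

    // Defence in depth: the resolved file must exist and stay under the
    // base directory even if an allowlist entry or a symlink is wrong.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$name]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Only a string value is accepted; arrays such as ?page[]=x fall back to the default.
$name = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
$file = resolve_page($name);
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
include $file;
```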

Tags: Parameter manipulation

Alert Tags: source_code_disclosure,information_disclosure
ApplicableApplicationServer: All
ApplicableOS: All
ApplicableWebServer: All
