Rapid7 Vulnerability & Exploit Database

Source Code Disclosure

Severity: 7
CVSS (v2 vector): AV:N/AC:L/Au:N/C:P/I:P/A:N
Published: 12/31/1998
Created: 07/25/2018
Added: 06/17/2015
Modified: 11/18/2015

Description

A vulnerability in the server allows an attacker to read arbitrary files from it. Through it, the source code of application files and the contents of configuration files can be retrieved instead of the rendered output the server was meant to return. Source code disclosure exposes sensitive application details such as input validation filters, database connection strings and queries, and hard-coded passwords.

An attacker with information about input validation filters may be able to craft a specific request that would bypass the filter.

A disclosed database connection string exposes the user name and password used to reach the database. Seeing how database queries are constructed also helps an attacker craft SQL injection payloads that pull specific information from the database.

Hard-coded passwords within configuration files or application source code may enable an attacker to access portions of the application that are otherwise restricted.
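As an added illustration (this is not Rapid7's or AppSpider's own check logic), the Python below does two things the description implies: it flags response bodies that look like leaked server-side source, using a marker list assumed for this example that covers the artifacts named above (input filters, connection strings and queries, hard-coded passwords), and it shows the path handling that stops a file-serving handler from being turned into the arbitrary file read that causes the disclosure. The sample bodies, the directory /srv/www/public and the suffix allow-list are constructed for the example.

```python
"""Added example, not Rapid7/AppSpider code: flag HTTP responses that look like
leaked server-side source, and resolve user-supplied file paths safely so a
file-serving handler cannot be turned into an arbitrary file read."""
import re
from pathlib import Path
from typing import List, Optional

# Indicators that a body is raw server-side source rather than rendered output.
# This marker list is an assumption for the example, not a scanner's rule set.
SOURCE_MARKERS = {
    # server-side script tags that a working server would have executed
    "php_tag": re.compile(r"<\?(php|=)", re.I),
    "jsp_asp_tag": re.compile(r"<%[@=!]?"),
    # connection strings: JDBC URLs or ADO.NET-style 'Server=...;Password=...'
    "db_connection_string": re.compile(r"jdbc:\w+:|Server=[^;]+;.*?(Password|Pwd)=", re.I | re.S),
    # credentials assigned as string literals
    "hardcoded_password": re.compile(r"\b(pass(word)?|pwd|secret)\b\s*[:=]\s*['\"][^'\"]{4,}['\"]", re.I),
    # SQL text glued to a variable with + or . (the shape that invites injection)
    "sql_concatenation": re.compile(r"(SELECT|INSERT|UPDATE|DELETE)\b[^\n]*['\"]\s*[+.]\s*\$?\w+", re.I),
    # input-validation helpers whose presence tells an attacker what is filtered
    "input_filter": re.compile(r"(preg_match|preg_replace|str_replace|htmlspecialchars|addslashes)\s*\(", re.I),
}


def classify_response(body: str) -> List[str]:
    """Return the names of the source-disclosure indicators present in body,
    sorted so the result is stable. An empty list means nothing suspicious."""
    return sorted(name for name, rx in SOURCE_MARKERS.items() if rx.search(body))


# Suffixes a file-serving endpoint may return raw; anything else (.php, .config,
# .inc, .bak ...) is application code or configuration and must not be served.
SERVABLE_SUFFIXES = (".html", ".css", ".js", ".png", ".jpg", ".svg")


def resolve_under(base_dir: str, requested: str) -> Optional[str]:
    """Map a user-supplied path onto base_dir, or return None if it must be refused.
    Path.resolve() collapses '..' and symlinks, so the containment test runs on
    the real target, not on the text the client sent; absolute requests are
    rejected because joining them discards base_dir entirely."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target == base or base not in target.parents:
        return None                      # traversal or absolute path: escaped the root
    if target.suffix.lower() not in SERVABLE_SUFFIXES:
        return None                      # would disclose source or configuration
    return str(target)


# Constructed sample bodies for the demo (not captured from any real host).
RENDERED_PAGE = "<html><body><h1>Welcome</h1><form action='/login'></form></body></html>"
LEAKED_PHP = (
    "<?php\n"
    "$password = 'S3cretPassw0rd';\n"
    "$conn = mysqli_connect('db.internal', 'app_user', $password, 'shop');\n"
    "$id = preg_replace('/[^0-9]/', '', $_GET['id']);\n"
    "$sql = \"SELECT * FROM users WHERE id = \" . $id;\n"
    "?>"
)
LEAKED_CONFIG = (
    "<connectionStrings><add name='Shop' connectionString="
    "'Server=sql01;Database=shop;User Id=app;Password=Winter2024!' /></connectionStrings>"
)

if __name__ == "__main__":
    for label, body in (("rendered", RENDERED_PAGE), ("php", LEAKED_PHP), ("config", LEAKED_CONFIG)):
        print(f"{label:8s} -> {classify_response(body) or 'clean'}")
    for req in ("css/site.css", "index.php", "../../../etc/passwd", "/etc/passwd"):
        print(f"{req:22s} -> {resolve_under('/srv/www/public', req)}")
```

The classifier is deliberately a heuristic: a rendered page that happens to print a literal `<%` would trip it, so in a real scan it belongs with a comparison against the response the same URL returns through the normal code path. The resolver rejects on two independent grounds, escape from the root and a non-servable suffix, because either one alone is enough to leak the artifacts the description lists.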

Solution(s)

  • appspider-source-code-disclosure
