A server vulnerability can be exploited to read arbitrary files. This vulnerability can be used to reveal the
source code of application files as well as display configuration files. Source code disclosure exposes
application information such as input validation filters, database connection strings and queries, or
An attacker with information about input validation filters may be able to craft a specific request that
bypass the filter.
Information about database connection strings exposes the user name and password used to access the database.
Information about how database queries are constructed can help attackers create SQL injection exploits that
specific information from the database.
Hard-coded passwords within configuration files or application source code may enable an attacker to access
portions of the application that are otherwise restricted.