logo

Backup File Disclosure

  • Risk:
  • Medium

  • Type:
  • Active
Summary

A backup of the file was disclosed by the web server

Solution

Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.

Other info
A backup of [https://example.com/profile.asp] is available at [https://example.com/profile.asp.old]
References

https://cwe.mitre.org/data/definitions/530.html

https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html

Free security scan for your website