Exposure of Backup File to an Unauthorized Control Sphere
Description A backup file is stored in a directory that is accessible to actors outside of the intended control sphere. Extended DescriptionOften, old files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator. Applicable PlatformsNone Time Of Introduction
Common Consequences
Detection MethodsNone Potential Mitigations
Relationships
Demonstrative ExamplesNone White Box Definitions None Black Box Definitions None Taxynomy Mappings
References:None |