Details
Alert ID 10095
Alert Type Active
Status beta
Risk Medium
CWE 530
WASC 34
Technologies Targeted All
Tags CWE-530
OWASP_2017_A03
OWASP_2021_A05
POLICY_QA_FULL
WSTG-V42-CONF-04
More Info Scan Rule Help

Summary

A backup of the file was disclosed by the web server.

Solution

Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.

Other Info

A backup of [https://example.com/profile.asp] is available at [https://example.com/profile.asp.old]

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java