Acunetix - [Possible] Backup Source Code Detected

[goestin820]

Target URL	http://testphp.vulnweb.com
Target Description	test
Severity	High

Affects

http://testphp.vulnweb.com/index.zip

Attack Details

This file was found using the pattern ${fileName}.zip.
Original filename: index.php

HTTP Request

GET /index.zip HTTP/1.1
Range: bytes=0-99999
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: testphp.vulnweb.com
Connection: Keep-alive

Vulnerability Description

A possible backup file was found on your web-server. These files are usually created by developers to backup their work.

Impact

Backup files can contain script sources, configuration files or other sensitive information that may help an malicious user to prepare more advanced attacks.

Remediation

Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a security policy within your organization to disallow creation of backup files in directories accessible from the web.

---

References:

• Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)
• Security Tips for Server Configuration
• Protecting Confidential Documents at Your Site