Test name: Common Files Exposure
Most web applications use common files to store application configuration, logs, tokens and other sensitive information. If an attacker is not explicitly authorized and has access to that information, then such applications are vulnerable for exposing.
That allows an attacker to gain sensitive information and take control over other systems the credentials are used for (for example, third party API). This also allows finding out other secure information about the application.
This vulnerability allows an attacker to:
- Get administrative access to a system and manipulate data or manage the account
- Gain personal information of the system members
- Get log information (access log or error log)
- Get system configuration
- The issue can be found in the source code on the server side.
- The issue can be found in the server configuration.