Detections
Analytics

HTML Comments Detected

info Web App Scanning Plugin ID 113897

Language:

Synopsis

HTML Comments Detected

Description

HTML comments are often used by developers to include information related to the application inline, which are ignored by a clients browser during rendering. These comments may include sensitive information such as SQL queries, credentials or internal IP for example.

Solution

Review the HTML comments identified on the page for any information leakage, and remove any sensitive information identified.

See Also

https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage

Plugin Details

Severity: Info

ID: 113897

Type: remote

Published: 6/9/2023

Updated: 6/9/2023

Scan Template: basic, full, pci, scan