Backup Directory

medium Web App Scanning Plugin ID 98073

Language:

Synopsis

Backup Directory

Description

A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`, etc.).

During the initial recon stages of an attack, cyber-criminals will attempt to locate backup directories by adding common extensions onto directories already discovered on the webserver. By analysing the response headers from the server they are able to determine if a backup directory exists. These backup directories can then assist in the compromise of the web application.

By utilising the same method, scanner was able to discover a possible backup directory.

Solution

Do not keep obsolete versions of directories under the virtual web server root.

See Also

http://www.webappsec.org/projects/threat/classes/information_leakage.shtml

https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004)

Plugin Details

Severity: Medium

ID: 98073

Type: remote

Family: Data Exposure

Published: 3/31/2017

Updated: 1/26/2022

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information

CWE: 530

OWASP: 2010-A6, 2013-A5, 2017-A6

WASC: Predictable Resource Location

DISA STIG: APSC-DV-003090

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.12.3.1, 27001-A.17.1.2, 27001-A.18.1.3

NIST: sp800_53-CP-9d

OWASP API: 2019-API3, 2023-API3

OWASP ASVS: 4.0.2-12.5.1

PCI-DSS: 3.2-2.2