Backup directory

Medium Web Application Scanning Plugin ID 98073

Synopsis

Backup directory

Description

A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`, etc.).

During the initial reconnaissance stages of an attack, cyber-criminals will attempt to locate backup directories by appending common extensions to directories already discovered on the web server. By analysing the response headers (for example, the status code) returned by the server, they can determine whether a backup directory exists. Such backup directories can then assist in the compromise of the web application, since they often contain source code, configuration or credentials that the live copy does not expose.

By utilising the same method, the scanner was able to discover a possible backup directory.

Solution

Do not keep obsolete versions of directories under the virtual web server root.
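The check a defender would run on their own web root to enforce this solution is an offline filesystem audit: walk the document root and flag any directory whose name carries a backup-style suffix, pairing it with the live directory it appears to shadow. The script below is an added example written for this page, not Tenable's plugin code; the suffix list starts from the three the description names (`.bak`, `.orig`, `.backup`) and the remaining suffixes, the sample directory tree and the `web_root` argument are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Suffixes commonly appended to a directory name to mark it as a backup copy.
# .bak, .orig and .backup come from the page; the rest are assumed additions.
BACKUP_SUFFIXES = (".bak", ".orig", ".backup", ".old", ".copy", "_bak", "_old", "~")


def is_backup_name(name: str) -> bool:
    """True if the directory name ends in a known backup-style suffix (case-insensitive)."""
    lower = name.lower()
    return any(lower.endswith(s) for s in BACKUP_SUFFIXES)


def find_backup_dirs(web_root):
    """Walk web_root and return a list of (backup_dir, shadowed_dir) tuples.

    Paths are relative to web_root in POSIX form. shadowed_dir is the sibling
    directory the backup appears to be a copy of, or None if no such sibling exists.
    """
    root = Path(web_root)
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        dirnames.sort()  # in-place sort so os.walk recurses in a deterministic order
        for d in dirnames:
            if not is_backup_name(d):
                continue
            full = Path(dirpath) / d
            original = None
            for s in BACKUP_SUFFIXES:
                if d.lower().endswith(s):
                    candidate = Path(dirpath) / d[: len(d) - len(s)]
                    if candidate.is_dir():
                        original = candidate.relative_to(root).as_posix()
                    break
            findings.append((full.relative_to(root).as_posix(), original))
    return findings


def build_sample_root() -> str:
    """Create a throwaway web root with a few live and backup directories (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel in ("admin", "admin.bak", "assets", "includes",
                "includes.orig", "app/config", "app/config_old"):
        os.makedirs(os.path.join(root, rel))
    return root


if __name__ == "__main__":
    # Audit the constructed sample tree; point find_backup_dirs at a real
    # document root (e.g. /var/www/html) to audit a deployed server.
    sample_root = build_sample_root()
    for path, shadowed in find_backup_dirs(sample_root):
        note = f" (appears to be a copy of {shadowed})" if shadowed else ""
        print(f"backup-style directory under web root: {path}{note}")
```

Anything the audit reports should be moved out of the virtual web server root (or deleted) rather than merely renamed, since a renamed copy is still reachable if its new suffix is on a scanner's wordlist.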

See Also

http://www.webappsec.org/projects/threat/classes/information_leakage.shtml

https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004)

Plugin Details

Severity: Medium

ID: 98073

Type: remote

Published: 2017/03/31

Updated: 2017/10/16

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference Information

CWE: 530

WASC: Predictable Resource Location

OWASP: 2017-A6, 2013-A5, 2010-A6