kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX File_Disclosure @ vulnerabilities/view_source.php [master] #19

Open ghost opened 4 years ago

ghost commented 4 years ago

File_Disclosure issue exists @ vulnerabilities/view_source.php in branch master

The input obtained via <?php in the file vulnerabilities\view_source.php at line 1 is used to determine the file to be read by <?php in the file vulnerabilities\view_source.php at line 1, potentially disclosing the contents of that file.

Severity: High

CWE: 538

Lines: 11 12


Code (Line #11):

$id       = $_GET[ 'id' ];

Code (Line #12):

$security = $_GET[ 'security' ];

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.