search

kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0
0 stars 1 forks source link

CX File_Disclosure @ vulnerabilities/view_source_all.php [master] #24

Open ghost opened 3 years ago

ghost commented 3 years ago

File_Disclosure issue exists @ vulnerabilities/view_source_all.php in branch master

The input obtained via <?php in the file vulnerabilities\view_source_all.php at line 1 is used to determine the file to be read by <?php in the file vulnerabilities\view_source_all.php at line 1, potentially disclosing the contents of that file.

Severity: High

CWE:538

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 11

Code (Line #11):

$id = $_GET[ 'id' ];
ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.