Vulnerability assessment is the process of evaluating how effective a system's security controls are by measuring its security level. Its scope is to uncover all potential vulnerabilities through automated or human-driven security tests.
The files listed below are not directly linked from the website. This check looks for common sensitive resources such as password files, configuration files, log files, include files, statistics data, database dumps and administrative consoles. Each of these files could help an attacker learn more about the target, such as the OS name, platform version, framework and outdated components.
The severity of these issues can range widely, depending on the context in which the product operates, the type of sensitive information revealed, and the benefit it provides to an attacker.
Information disclosure issues in a web application can be used by attackers to gain insight into its possible weaknesses, allowing them to craft a targeted attack. They let attackers or spammers obtain confidential information about the target, such as database details or the OS name, just by performing basic testing, and sometimes just by reading public pages or error pages.
Many automated tools can also help you detect possible sensitive files, such as Acunetix, Netsparker, Qualys and Burp Suite.
The only remediation is to restrict access to these files/directories or remove them from the website so that no sensitive information is leaked. For configuration files, make sure their permissions are set with security in mind, i.e. 400 or 444.
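As an added example (not part of the original article), the following Python script audits your own web root for the sensitive names listed in the table below and applies the 400/444 rule to configuration files. The name-to-category mapping is taken from the table; `build_sample_docroot` creates a constructed throw-away directory so the script can be run offline, and `audit_docroot` and `problem_paths` are hypothetical helper names chosen for this example.

```python
import os
import stat
import tempfile
from pathlib import Path

# File and directory names the article's table lists as commonly exposed,
# mapped to the category the table assigns them.
SENSITIVE_NAMES = {
    ".env": "environment configuration",
    "phpinfo.php": "PHP configuration",
    "php.ini": "PHP configuration",
    ".htaccess": "Apache htaccess",
    "htaccess.txt": "Apache htaccess",
    "config.php": "DB configuration",
    "configuration.php": "DB configuration",
    "wp-config.php": "DB configuration",
    "settings.php": "DB configuration",
    "local.xml": "DB configuration",
    "error.log": "error log",
    "error_log": "error log",
    "logs": "error log",
    "backup.zip": "backup archive",
    "backup.tar.gz": "backup archive",
    ".bashrc": "shell configuration",
    ".zshrc": "shell configuration",
    "pass.txt": "password file",
    "password.txt": "password file",
    "passwords.txt": "password file",
    ".gitignore": "possible sensitive file (git)",
    "adminer.php": "possible DB login",
    "phpmyadmin": "possible DB login",
}

# Categories the article says should be restricted to mode 400 or 444.
CONFIG_CATEGORIES = {"environment configuration", "PHP configuration",
                     "DB configuration", "Apache htaccess"}
ALLOWED_CONFIG_MODES = {0o400, 0o444}


def audit_docroot(docroot):
    """Walk docroot and return one finding per sensitive name found.

    Each finding holds the path relative to docroot, its category, the
    permission bits as an octal string, and mode_ok, which is False only
    for a configuration file whose mode is not 400 or 444."""
    findings = []
    root = Path(docroot)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name not in SENSITIVE_NAMES:
                continue
            full = Path(dirpath) / name
            category = SENSITIVE_NAMES[name]
            mode = stat.S_IMODE(full.lstat().st_mode)
            mode_ok = True
            if category in CONFIG_CATEGORIES and full.is_file():
                mode_ok = mode in ALLOWED_CONFIG_MODES
            findings.append({
                "path": str(full.relative_to(root)),
                "category": category,
                "mode": f"{mode:o}",
                "mode_ok": mode_ok,
            })
    findings.sort(key=lambda f: f["path"])
    return findings


def problem_paths(findings):
    """Return the paths of configuration files that are not 400/444."""
    return [f["path"] for f in findings if not f["mode_ok"]]


def build_sample_docroot():
    """Create a constructed throw-away web root for demonstration only.

    It holds a world-readable wp-config.php (should be flagged), a .env
    already set to 400 (acceptable), a logs directory with an error log,
    and an ordinary index.php that should not appear in the findings."""
    d = Path(tempfile.mkdtemp(prefix="docroot-"))
    (d / "index.php").write_text("<?php echo 'hello';\n")
    (d / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'constructed');\n")
    os.chmod(d / "wp-config.php", 0o644)
    (d / ".env").write_text("APP_KEY=constructed\n")
    os.chmod(d / ".env", 0o400)
    (d / "logs").mkdir()
    (d / "logs" / "error.log").write_text("constructed log line\n")
    return str(d)


if __name__ == "__main__":
    root = build_sample_docroot()
    for f in audit_docroot(root):
        flag = "" if f["mode_ok"] else "  <- tighten to 400/444"
        print(f"{f['path']:<20} {f['category']:<30} mode {f['mode']}{flag}")
```

Run it against a real document root instead of the sample directory by replacing the `build_sample_docroot()` call with the path; every listed finding is a candidate for removal or an access restriction in the web server, and the flagged ones are configuration files whose permissions also need tightening.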
| # | Path(s) | Description |
|---|---|---|
| 1 | /.env | Environment configuration file (Laravel) |
| 2 | /~.aspx | Improper error handling (ASP.NET) |
| 3 | /… | Improper error handling (ASP.NET) |
| 4 | /trace.axd | ASP.NET tracing enabled |
| 5 | /phpinfo.php | PHP configuration file |
| 6 | /php.ini | PHP configuration file |
| 7 | /wp-includes | Directory listing (WordPress) |
| 8 | /error.log, /error.txt, /error_log, /errorlog, /error.jsp, /logs, /logs.php | Error log files |
| 9 | /htaccess.txt, /.htaccess | Apache htaccess files |
| 10 | /etc/passwd, /tmp, /var | Linux directory files |
| 11 | /admin, /administrator, /wp-admin, /admin/login.php, /admin.aspx, /adminlogin.aspx | Possible administrator login pages |
| 12 | /readme.html, /readme.txt, /README.MD, /license.txt, /manual | |
| 13 | /config.php, /configuration.php, /conn.php, /sites/default/settings.php, /app/etc/local.xml, /inc.config.php, /admin/config.php, /wp-config.php | DB configuration files |
| 14 | /robots.txt | Robots file (pre-attack probe) |
| 15 | /.gitignore | Possible sensitive file (GitHub) |
| 16 | /wp-includes/rss-functions.php, /wp-includes/user.php, /wp-includes/vars.php | Fatal error check (WordPress) |
| 17 | /adminer.php, /phpminiadmin.php, /phpmyadmin, /db.php, /sql.php | Possible DB login files |
| 18 | /examples | Apache Tomcat examples directory |
| 19 | /backup, /backup.zip, /download.zip, /backup.tar.gz, | |
| 20 | /.bashrc, /.zshrc, /.cshrc | Shell configuration files |
| 21 | /pass.txt, /password.txt, /passwords.txt, /password | Password-related sensitive files |
If you want to add more information related to possible sensitive files, then you can drop a mail at firstname.lastname@example.org.