漏洞类别:CGI
漏洞等级: 
漏洞信息
A configuration file for web applications was detected, containing data about how the web application will act. This file may also include information about module loading, security configuration, session state configuration, and application language and compilation settings and other application specific items such as database connection strings.
QID Detection Logic:
This unauthenticated QID fetches the web.config file and matches for text such as system.webServer, directoryBrowse.
漏洞危害
Successful exploitation allows a remote unauthenticated attacker to get configuration information specific to the target that may aid in launching further attacks.
解决方案
N/A
Workaround:
Customers are advised to prevent public access of the web.config file by applying appropriate security restrictions.
0daybank
文章评论