PHP Configuration Exposure
PHP configuration can be exposed when pdirectory indexing has not been disabled to the config or cgi-bin folders. If developers have created backup copies of php configuration these can be accessed in situations where they cannot be parsed correctly due to a change in extension. Take db.php as an example, if the filename of the backup copy is db.php.old, the browser/php cannot parse it and therefore the file is downloaded instead (giving the hacker access to valuable database access information in this case).
Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.