PHP Configuration Exposure

PHP configuration can be exposed when pdirectory indexing has not been disabled to the config or cgi-bin folders. If developers have created backup copies of php configuration these can be accessed in situations where they cannot be parsed correctly due to a change in extension. Take db.php as an example, if the filename of the backup copy is db.php.old, the browser/php cannot parse it and therefore the file is downloaded instead (giving the hacker access to valuable database access information in this case).

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center