Insecure File Share


Description

The application is vulnerable because of an insecure file share on the web server. The web server exposes a file share that is directly accessible to users. Attackers who browse the file share can download files and gain access to sensitive information on the server or, where the share allows write access, upload malicious files and modify data. Attackers may be able to use this information to uncover vulnerabilities in the web application, gain access to the internal network, or attack other users.

Impact

An exposed file share poses significant risk for an application and its supporting infrastructure. The confidentiality of sensitive data may be impacted, because attackers can gain access to sensitive information that normally would not be exposed within the web application. Sensitive information may include personally identifiable information about users; information such as configuration files or source code; or passwords, encryption keys and database connection strings. Attackers can use this information to identify vulnerabilities in the web application, gain access to databases, or launch attacks against the web server and the internal network. In addition, if the file share provides write access, the integrity of data can be impacted, because attackers can modify data or upload malicious files that can be used to attack other users or create backdoors into the network.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
