Detectify
Knowledge Base

Source Code Disclosure

Last Updated: Apr 22, 2017 12:10AM CEST

Source code meant for the server side was found exposed publicly. This makes it easier for an attacker to find other vulnerabilities or credentials hard-coded in the code.

What can happen?

An attacker can read the source code, either to find other vulnerabilities to exploit further or to use credentials found in the code to log into the systems they belong to.

Remediation

To remediate this, you need to understand how the source code is exposed and take action to stop disclosing it. There is no universal solution here, as it all depends on how the source code was disclosed.

It is a good idea not to hard-code credentials into the code. This will not make source code disclosure less likely, but if it does occur, it will at least be less severe. Database credentials are an example of details that are often hard-coded.

Keep in mind that if a source code disclosure that includes login credentials is discovered, it is of great importance to change all potentially leaked passwords. It is far too common to just stop the leak, but you can never know how far the leaked details have spread.
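The two points above, hard-coded credentials and rotating everything that leaked, both start with knowing which secrets sit in the code. The following is an added example, not part of the original article or Detectify's tooling: a small Python check that lists secret-like names assigned to string literals. The sample file and the list of secret-like name patterns are assumptions made for illustration.

```python
import re

# Constructed sample: a PHP-style config file as it might sit in a web root.
SAMPLE_SOURCE = '''<?php
$db_host = "db.internal.example";
$db_user = "app";
$db_password = "s3cr3t-constructed";
$api_key = getenv("API_KEY");
$smtp_pass = '';
define('DB_PASSWORD', 'another-constructed-secret');
// $old_password = "commented-out-but-still-leaked";
'''

# Names that usually hold secrets (an assumption; extend for your code base).
SECRET_NAME = r"[A-Za-z0-9_]*(?:pass(?:word|wd)?|secret|api_?key|token)[A-Za-z0-9_]*"
LITERAL = r"""(?P<q>['"])(?P<value>[^'"]*)(?P=q)"""

# name = "literal", "name": "literal" or 'name' => 'literal'
ASSIGNMENT = re.compile(
    r"(?P<name>\$?" + SECRET_NAME + r""")['"]?\s*(?:=>|=|:)\s*""" + LITERAL, re.I)
# define('NAME', 'literal')
DEFINE = re.compile(
    r"""define\(\s*['"](?P<name>""" + SECRET_NAME + r""")['"]\s*,\s*""" + LITERAL, re.I)


def find_hardcoded_credentials(source):
    """Return (line_number, name) for each secret-like name set to a literal.

    Values are deliberately not returned, so the report itself leaks nothing.
    Commented-out lines are reported too: they are disclosed with the file.
    """
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for pattern in (ASSIGNMENT, DEFINE):
            for match in pattern.finditer(line):
                if match.group("value"):  # an empty string is not a credential
                    findings.append((number, match.group("name").lstrip("$")))
    return findings


if __name__ == "__main__":
    for number, name in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {number}: {name} is hard-coded; move it out and rotate it")
```

Every name it reports is both a candidate to move out of the code and, after a disclosure, a password that has to be changed.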
