Applications can sometimes leak information in the form of version numbers, debugging information, error messages, system data, directory paths and so on. An attacker can use this information to gain in-depth knowledge of the system.
- Form Input Autocomplete Enabled
Leaving form input autocomplete enabled for sensitive data could lead to stolen information, such as passwords or credit card numbers, if the user's system is compromised.
- PHP Error Message
PHP error messages can reveal security-relevant information to users, such as installation paths or usernames. It is highly recommended to disable them on production servers and send error messages to a log file instead.
- IP Address Leak
Applications can sometimes leak internal IP addresses. An attacker can use this information to learn about the internal network.
- E-Mail Address
E-mail addresses found on websites could be used by an attacker for phishing attacks or as spam destinations.
- (Full) Path Disclosure
Some error messages can reveal the (full) file path, which an attacker can use to gain sensitive information.
- Miscellaneous Information Leak
Miscellaneous information leaks could be used by an attacker to gain sensitive information about the system.
- User Credentials Transmitted in Clear Text
If user credentials are not encrypted in transit, an attacker can easily read them.
- Phpinfo Information Disclosure
The phpinfo() function can be used by an attacker to easily get the PHP version and its installed features or plug-ins.
- Session Cookie not Set to HttpOnly
There is a risk of session hijacking through cross-site scripting if the HttpOnly flag is not set.
- ASP Error Message
ASP error messages can reveal sensitive information (such as the ASP.NET version number) if the server is not properly configured.
- Internal Server Error
Internal server errors can reveal sensitive information about the server type and version, and even the framework and its version.
- HTTP File Upload Form Detected
An HTTP file upload form can allow an attacker to overwrite or modify existing sensitive files.
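
Several of the leaks listed above can be checked for in a captured HTTP response before a release. The following Python code is an added example, not part of the original page; the function name `audit_response`, the finding names, the regular expressions and the sample response are assumptions made for illustration.

```python
import re

# Heuristic body patterns for the leaks listed above (not exhaustive).
BODY_CHECKS = {
    "php_error": re.compile(r"<b>(?:Warning|Notice|Fatal error|Parse error)</b>:"),
    "full_path": re.compile(r"(?:/(?:var|home|usr|srv|opt)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)"),
    "internal_ip": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
PASSWORD_INPUT = re.compile(r"<input\b[^>]*type=[\"']?password[^>]*>", re.I)
AUTOCOMPLETE_OFF = re.compile(r"autocomplete=[\"']?off", re.I)


def audit_response(url, headers, body):
    """Return a sorted list of finding names for one HTTP response."""
    findings = {name for name, rx in BODY_CHECKS.items() if rx.search(body)}
    pw_inputs = PASSWORD_INPUT.findall(body)
    # Only the <input> tag is inspected; a form-level attribute is not considered.
    if any(not AUTOCOMPLETE_OFF.search(tag) for tag in pw_inputs):
        findings.add("autocomplete_enabled")
    if pw_inputs and url.lower().startswith("http://"):
        findings.add("cleartext_credentials")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip().lower()
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        # Assumption: a cookie with "sess" in its name carries the session id.
        if "sess" in cookie_name and "httponly" not in attrs:
            findings.add("session_cookie_no_httponly")
    return sorted(findings)


# Constructed sample response, for illustration only.
SAMPLE_URL = "http://example.test/login.php"
SAMPLE_HEADERS = [("Set-Cookie", "PHPSESSID=abc123; path=/")]
SAMPLE_BODY = """<b>Warning</b>: include(/var/www/app/inc/db.php): failed to open stream
<form method="post"><input type="password" name="pw"></form>
<!-- backend 10.0.3.17 --> <a href="mailto:admin@example.test">contact</a>"""

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The patterns are heuristics: a match is a prompt to review the response, and a clean result does not prove the absence of a leak.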