Reward: $2500
Overview of the Vulnerability
A backup copy of the Global.asa file was found publicly accessible on the web server. This file is commonly used in classic ASP applications and may contain sensitive information, such as database connection strings, file paths, application-level settings, or authentication logic. If exposed, it can assist an attacker in gaining deeper access to the application or underlying infrastructure.
Steps to Reproduce
During a fuzzing process using the wordlist available at:
https://raw.githubusercontent.com/onvio/wordlists/master/words_and_files_top5000.txt
we discovered the following publicly accessible backup file:
https://cangacei[.]ro/Global.asa.bak
This file was successfully downloaded and, upon inspection, it was found to contain plaintext credentials along with instructions pointing to another directory within the application. By following this path, we were able to access additional sensitive information, including:
Details from other customers
Internal support tickets and communication
Application-specific configuration data
This exposure represents a significant security risk, as it provides direct access to internal application logic, user data, and potentially database systems.
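As an added defender-side check, not part of the report above, the following Python scans IIS W3C extended log lines for requests that the server actually answered with a 2xx for backup copies of Global.asa and similar sensitive files. The log lines, IP addresses and the list of sibling file names and backup suffixes are constructed for this example; they go beyond the single Global.asa.bak named in the report.

```python
from urllib.parse import unquote

# Classic ASP / IIS files whose stray backup copies leak secrets.
# Global.asa is the file from this report; the others are assumed siblings.
SENSITIVE_BASENAMES = {"global.asa", "global.asax", "web.config"}
# Suffixes that editors and deploy scripts commonly leave behind (assumed list).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".copy", ".tmp", "~")

def is_backup_of_sensitive(uri_stem: str) -> bool:
    """True when the requested file name is <sensitive file><backup suffix>."""
    name = unquote(uri_stem).rsplit("/", 1)[-1].lower()  # decode %2E etc.
    return any(name == base + suf
               for base in SENSITIVE_BASENAMES for suf in BACKUP_SUFFIXES)

def find_served_backups(log_text: str) -> list[tuple[str, str, int]]:
    """Return (client_ip, uri_stem, status) for every backup-file request the
    server answered 2xx. Column positions come from the '#Fields:' directive,
    so any field order the site has configured is handled."""
    fields: list[str] = []
    hits: list[tuple[str, str, int]] = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        cols = line.split()  # W3C format replaces spaces in values with '+'
        if len(cols) != len(fields):
            continue  # malformed line: skip rather than mis-parse
        row = dict(zip(fields, cols))
        try:
            status = int(row["sc-status"])
        except (KeyError, ValueError):
            continue
        if 200 <= status < 300 and is_backup_of_sensitive(row["cs-uri-stem"]):
            hits.append((row["c-ip"], row["cs-uri-stem"], status))
    return hits

# Constructed sample log (documentation-range IPs, not the affected host).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-01 10:00:01 10.0.0.5 GET /index.asp - 443 - 198.51.100.2 Mozilla/5.0 200 0 0 40
2024-01-01 10:00:02 10.0.0.5 GET /Global.asa - 443 - 203.0.113.7 Mozilla/5.0 404 7 0 3
2024-01-01 10:00:03 10.0.0.5 GET /Global.asa.bak - 443 - 203.0.113.7 Mozilla/5.0 200 0 0 12
2024-01-01 10:00:04 10.0.0.5 GET /web.config.old - 443 - 203.0.113.7 Mozilla/5.0 404 0 2 5
2024-01-01 10:00:05 10.0.0.5 GET /app/Global.asa.bak - 443 - 203.0.113.7 Mozilla/5.0 200 0 0 9
"""

if __name__ == "__main__":
    for ip, path, status in find_served_backups(SAMPLE_LOG):
        print(f"EXPOSED BACKUP served to {ip}: {path} ({status})")
```

Note that the direct request for /Global.asa is blocked (404.7, IIS request filtering denies the .asa extension by default) while the .bak copy is served, which is exactly the gap a file-extension deny rule for backup suffixes closes.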