When I found a backup file (rootlogin.asp.old)
I found a backup file with the .old extension on the target server. The severity of the threat posed by a web-accessible backup file depends on the sensitivity of the information stored in the original document. From such files an attacker can obtain details about the site architecture, database and network access credentials, encryption keys, and so forth, and use them to craft precise targeted attacks against the application that might not otherwise be feasible.
Explanation
An attacker can use the information obtained from the backup file of a sensitive document to craft a precise targeted attack against the web application. Such attacks can include, but are not limited to, SQL injection, remote file system access to overwrite or inject malware, and database manipulation.
- Webroot Security Policy: Implement a security policy that prohibits storage of backup files in webroot.
- Temporary Files: Many tools and editors automatically create temporary files or backup files in the webroot. Be careful when editing files on a production server to avoid inadvertently leaving a backup or temporary copy of the file(s) in the webroot.
- Default Installations: Often, many unnecessary files and folders are installed by default. For instance, IIS installations include demo applications. Be sure to remove any files or folders that are not required for the application to work properly.
- Development Backups: Source code backups should not be stored in, or left accessible from, the webroot.
Further QA can include test cases that look for backup files in the webroot, to ensure none are left in publicly accessible folders of the web application.
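As an added example (not from the original post), here is such a QA check in Python: it walks a web root, reports files whose names match common backup or temporary naming patterns, and notes whether the live original sits beside each one. The pattern list and the sample web root are constructed for the demo; extend the patterns for the tooling used on your own servers.

```python
"""QA check: find backup/temporary copies left in a web root."""
import os
import re
import tempfile

# Constructed list of naming patterns that editors, deployment tools and
# admins commonly leave behind; each captures the name of the original file.
BACKUP_PATTERNS = [
    re.compile(r"^(?P<orig>.+)\.(old|bak|orig|save|tmp|copy|\d{8})$", re.I),
    re.compile(r"^(?P<orig>.+)~$"),                # emacs/nano autosave
    re.compile(r"^\.(?P<orig>.+)\.swp$"),          # vim swap file
    re.compile(r"^Copy of (?P<orig>.+)$", re.I),   # Windows Explorer copy
]

def classify(name):
    """Return the name of the file this looks like a backup of, or None."""
    for pat in BACKUP_PATTERNS:
        m = pat.match(name)
        if m:
            return m.group("orig")
    return None

def find_backup_files(webroot):
    """Walk webroot; return sorted (relative_path, original_present) pairs.

    original_present is True when the live file the copy was made from still
    sits in the same directory, i.e. the copy exposes current source."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        present = set(files)
        for name in files:
            orig = classify(name)
            if orig is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            findings.append((rel.replace(os.sep, "/"), orig in present))
    return sorted(findings)

def demo():
    """Constructed sample web root mirroring the write-up's rootlogin.asp.old."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("rootlogin.asp", "rootlogin.asp.old", "default.asp",
                    "inc/db.inc", "inc/db.inc.bak", "inc/.db.inc.swp",
                    "img/logo.png", "Copy of web.config"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_backup_files(root)

if __name__ == "__main__":
    for rel, live in demo():
        print(f"{rel}  (original {'present' if live else 'missing'})")
```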
Let's Talk About How I Found It…..?
My Answer: Recon
When I started fuzzing URLs I found rootlogin.asp. I just opened Burp Repeater and sent a request for rootlogin.asp, but I got nothing. Then I tried rootlogin.asp.old
and I was like ……. woooooo yeaaaaaa
GET /rootlogin.asp.old HTTP/1.1
Referer: xyz.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: */*
Pragma: no-cache
Host: xyz.com
X-Scan-Memo: Category="Audit"; Function="createStateRequestFromAttackDefinition"; SID="67012A7CFABAA7775CEC050B08B0E472"; PSID="1D97F8A56D12DA6B9C555C52B8905F98"; SessionType="AuditAttack"; CrawlType="None";
Connection: Keep-Alive
Cookie: CustomCookie=*******69383ZXB3FCEA2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=*************;state=;passes3=;passes=;passes2=

"Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause."
Kevin Mitnick