When I found a backup file (rootlogin.asp.old)

I found a backup file with the .old extension on the target server. The severity of the threat posed by a web-accessible backup file depends on the sensitivity of the information in the original document: from such a file an attacker can learn about the site architecture, database and network credentials, encryption keys, and so forth, and then use that information to craft precise, targeted attacks against the application that might otherwise not be feasible.

Explanation

An attacker can use the information obtained from the backup of a sensitive document to craft a precise, targeted attack against the web application. Such attacks include, but are not limited to, SQL injection, remote file-system access to overwrite files or plant malware, and database manipulation. The reason a renamed copy is so dangerous is that the server picks its handler by file extension: rootlogin.asp is executed by the ASP engine and only its HTML output is returned, but rootlogin.asp.old falls through to the static-file handler, which returns the source verbatim, including any hard-coded connection strings or credentials.

  • Webroot security policy: implement a security policy that prohibits storing backup files in the webroot.
  • Temporary files: many tools and editors automatically create temporary or backup files next to the file being edited. Be careful when editing files on a production server so that no backup or temporary copy is inadvertently left in the webroot.
  • Default installations: a lot of unnecessary files and folders are often installed by default; IIS installations, for instance, include demo applications. Remove any files or folders that are not required for the application to work properly.
  • Development backups: source-code backups should not be stored, or left available, in the webroot.
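For an IIS site like the one in this write-up, the policy in the first bullet can be enforced with request filtering so that a stray copy is at least not served while it is being hunted down. The following web.config fragment is an added example, not configuration from the target or from the author; the extension list is an assumption and should be extended with whatever your editors and deploy scripts produce.

```xml
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Deny the extensions editors and admins leave behind.
             A matching request is rejected with 404.7 (file extension denied). -->
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".old" allowed="false" />
          <add fileExtension=".bak" allowed="false" />
          <add fileExtension=".orig" allowed="false" />
          <add fileExtension=".swp" allowed="false" />
          <add fileExtension=".tmp" allowed="false" />
        </fileExtensions>
        <!-- "rootlogin.asp~" has no extension of its own, so a tilde must be
             blocked as a URL sequence rather than as an extension. -->
        <denyUrlSequences>
          <add sequence="~" />
        </denyUrlSequences>
        <!-- Hide whole folders such as /backup/ (rejected with 404.8). -->
        <hiddenSegments>
          <add segment="backup" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

This is a stop-gap, not the fix: a deny list only covers names you thought of, so the files still have to be removed from the webroot and the QA check below kept in place.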

Further QA can include test cases that look for backup files in the webroot, to ensure none are left in publicly accessible folders of the web application.

Let's talk about how I found it.


My answer: recon.

When I started fuzzing URLs I found rootlogin.asp. I opened Burp Repeater and sent a request for rootlogin.asp, but got nothing. Then I tried rootlogin.asp.old

and I am like ……. woooooo yeaaaaaa


GET /rootlogin.asp.old HTTP/1.1
Referer: xyz.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: */*
Pragma: no-cache
Host: xyz.com
X-Scan-Memo: Category="Audit"; Function="createStateRequestFromAttackDefinition"; SID="67012A7CFABAA7775CEC050B08B0E472"; PSID="1D97F8A56D12DA6B9C555C52B8905F98"; SessionType="AuditAttack"; CrawlType="None";
Connection: Keep-Alive
Cookie: CustomCookie=*******69383ZXB3FCEA2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=*************;state=;passes3=;passes=;passes2=
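The probing step in the recon above, and the QA check mentioned earlier, as an added example that is not the author's tooling: given a path already discovered by fuzzing, it generates the backup-style variants an editor or an admin would leave behind, fetches each, and compares every response with a baseline request for a name that cannot exist, so a custom "not found" page served with 200 is not reported as a hit. The host xyz.example and the response bodies used in the test run are constructed; the fetcher is injectable so the same logic can be run from a QA suite against a staging server.

```python
"""Backup-file probe for paths already discovered by fuzzing.

Added example for this write-up, not the author's tooling. Names and sample
responses are constructed; the fetcher is injectable so candidate generation
and classification can be exercised offline.
"""
import hashlib
import secrets
import urllib.error
import urllib.request
from dataclasses import dataclass

# Suffixes editors, deploy scripts and admins commonly leave behind (assumed list).
BACKUP_SUFFIXES = (".old", ".bak", ".orig", ".save", ".tmp", ".copy", ".1", "~")


@dataclass
class Response:
    status: int
    body: bytes


def backup_candidates(path):
    """Return backup-style variants of one discovered URL path.

    For '/rootlogin.asp' this yields '/rootlogin.asp.old', '/rootlogin.old',
    '/rootlogin.asp~', '/.rootlogin.asp.swp' (vim swap file) and so on.
    """
    directory, _, filename = path.rpartition("/")
    stem, dot, ext = filename.rpartition(".")
    if not dot:                                  # no extension at all
        stem, ext = filename, ""
    names = []
    for suffix in BACKUP_SUFFIXES:
        names.append(filename + suffix)          # rootlogin.asp.old
        if ext and stem:                         # skip dotfiles like .htaccess
            names.append(stem + suffix)          # rootlogin.old
    names.append("." + filename + ".swp")        # vim swap file
    names.append(filename + ".swp")
    seen, out = set(), []
    for name in names:
        if name not in seen:
            seen.add(name)
            out.append(f"{directory}/{name}")
    return out


def fingerprint(body):
    return hashlib.sha256(body).hexdigest()


def classify(baseline, resp):
    """Label one candidate response against the not-found baseline."""
    if resp.status == 404:
        return "missing"
    if resp.status == baseline.status and fingerprint(resp.body) == fingerprint(baseline.body):
        return "soft-404"                        # custom not-found page served with 200
    if resp.status in (401, 403):
        return "exists-denied"                   # still confirms the file is there
    if resp.status == 200:
        return "found"
    return "other"


def looks_like_source(body):
    """A script backup served as a static file contains raw server-side code."""
    return any(marker in body for marker in (b"<%", b"<?php", b"<?="))


def fetch(url, timeout=10):
    """Real HTTP fetcher; only used when no test fetcher is injected."""
    req = urllib.request.Request(url, headers={"User-Agent": "backup-probe/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read())
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read())


def probe(base_url, known_path, fetcher=fetch):
    """Probe backup variants of known_path; return {path: (label, is_source)}."""
    # Baseline: a name that cannot exist, so soft-404 pages can be recognised.
    baseline = fetcher(f"{base_url}{known_path}.{secrets.token_hex(8)}")
    findings = {}
    for candidate in backup_candidates(known_path):
        resp = fetcher(base_url + candidate)
        label = classify(baseline, resp)
        if label not in ("missing", "soft-404"):
            findings[candidate] = (label, looks_like_source(resp.body))
    return findings


if __name__ == "__main__":
    import sys
    # usage: python probe.py https://target.example /rootlogin.asp
    for path, (label, is_source) in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{label:14} source={is_source} {path}")
```

In a QA suite the same probe() call, pointed at staging with the real fetcher, should return an empty dict for every script path the build ships; any "found" entry whose is_source flag is true is exactly the leak described above.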

Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.

Kevin Mitnick

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110
