ZAP – Source Code Disclosure

Details
Alert Id	10099
Alert Type	Passive
Status	beta
Risk	Medium
CWE	540
WASC	13
Technologies Targeted	All
Tags	OWASP_2017_A06 OWASP_2021_A05

Summary

Application Source Code was disclosed by the web server - PHP

Solution

Ensure that application Source Code is not available with alternative extensions, and ensure that source code is not present within other files or data deployed to the web server, or served by the web server.

Other Info

References

https://www.wsj.com/articles/BL-CIOB-2999

Code

org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java

Source Code Disclosure - PHP

Summary

Solution

Other Info

References

Code