Source Code Disclosure

  • CAPEC 118
  • CWE 540
  • WASC 13
  • OWASP 2017-A3

Obtaining the source code of server-side scripts grants the attacker deeper knowledge of the logic behind the web application, how the application handles requests and their parameters, the structure of the database, vulnerabilities in the code and source code comments.


Review the cause of the code disclosure and prevent it from happening.