Backup file

Description: Backup file

Publicly accessible backups and outdated copies of files can provide attackers with extra attack surface. Depending on the server configuration and file type, they may also expose source code, configuration details, and other information intended to remain secret.

Remediation: Backup file

Review the file to identify whether it's intended to be publicly accessible, and remove it from the server's web root if it isn't. It may also be worth auditing the server contents to find other outdated files, and taking measures to prevent the problem from reoccurring.

References

Web Security Academy: Information disclosure via backup files

Vulnerability classifications

CWE-530: Exposure of Backup File to an Unauthorized Control Sphere
CAPEC-37: Retrieve Embedded Sensitive Data
CAPEC-204: Lifting Sensitive Data Embedded in Cache

Typical severity

Information

Type index

0x006000d8

Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Get Burp

Scan your web application from just $399.00

Find out more

How do I?	New Post	View All
Feature Requests	New Post	View All
Burp Extensions	New Post	View All
Bug Reports	New Post	View All