Hidden File Found - Medium

Nathan

Dec 13, 2024, 6:11:47 AM
to ZAP User Group
Hi, in our recent OWASP report we have had a vulnerability that says the following.

Hidden File Found
A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.

It says in the report HTTP/1.1 301 Moved Permanently

When we click on the links the files don't exist; we just get a 404 page saying "page not found".
We use a WordPress theme.
It says it's at the root of the domain name where the website theme is. We are able to view all hidden files on the site, however we are unable to see them.

Is that saying that if the files were there they would be accessible or available?

Any help on this would be great. I have attached a screenshot.
Hiden files Found.png

Simon Bennetts

Dec 18, 2024, 4:54:23 AM
to ZAP User Group
Hiya,

Can you share one of the full responses?
Feel free to obfuscate any sensitive information.

Many thanks,

Simon

Nathan

Dec 18, 2024, 8:41:29 AM
to ZAP User Group
Hi, when you say a full response, what do you mean? A full report? I have attached another screenshot of the full vulnerability.

Thanks
Owasp report.png

Simon Bennetts

Dec 19, 2024, 12:01:07 PM
to ZAP User Group
The full HTTP response for one of the requests flagged, including the header and body.