If the developer forgets to remove the built-in controller welcome.php, it helps the attacker identify that the site is built with CodeIgniter

Disclosed: 2017-10-18 02:35:59 By hackerneo To codeigniter
High
Vulnerability Details
The attacker can check the website's backend technology simply by typing site_name/index.php/welcome/index. It will display the CodeIgniter welcome page if the developer hasn't removed the built-in controller and view, welcome.php and welcome_message.php. I am attaching a screenshot below as a proof of concept.
Report Stats
  • Report ID: 278225
  • State: Closed
  • Substate: not-applicable
  • Upvotes: 4
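
A pre-deployment check for the leftover files this report describes, as an added example that is not part of the original report or of CodeIgniter itself. It assumes the default CodeIgniter 2.x/3.x `application/` layout and the stock `$route['default_controller']` line in `config/routes.php`; the function name `check_ci_defaults` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the report): flag CodeIgniter's stock welcome
# controller/view before deployment. Assumes the default 2.x/3.x layout.

# check_ci_defaults APP_DIR
# Prints one finding per line. Returns 0 if clean, 1 if leftovers exist,
# 2 if APP_DIR is not a directory.
check_ci_defaults() {
    app_dir=$1
    if [ ! -d "$app_dir" ]; then
        echo "error: $app_dir is not a directory" >&2
        return 2
    fi
    findings=0

    # The controller is welcome.php in CI 2.x and Welcome.php in CI 3.x.
    for f in "$app_dir"/controllers/[Ww]elcome.php \
             "$app_dir"/views/welcome_message.php; do
        if [ -f "$f" ]; then
            echo "leftover default file: $f"
            findings=$((findings + 1))
        fi
    done

    # Uncommented $route['default_controller'] = 'welcome'; in routes.php.
    # "." stands in for either quote character.
    routes="$app_dir/config/routes.php"
    pattern='^[[:space:]]*\$route\[.default_controller.\][[:space:]]*=[[:space:]]*.welcome[^[:alnum:]_/]'
    if [ -f "$routes" ] && grep -Eiq "$pattern" "$routes"; then
        echo "default_controller still routes to welcome: $routes"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run as: sh check_ci_defaults.sh path/to/application
if [ "$#" -gt 0 ]; then
    check_ci_defaults "$1"
    exit $?
fi
```

A non-zero exit status lets a CI job fail the build while the stock controller, view, or route is still present.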