Development Features Enabled in Prodcution, (Thu, Oct 24th)

This post was originally published on this site

We do keep seeing attackers "poking around" looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with inside to the application. In their simplest form, these features provide detailed configuration information. More severe cases may leak credentials or even provide full remote code execution access.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.