Elmah.axd File Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Elmah.axd File Scanner Detail

If ELMAH is not properly configured elmah.axd file can allows attackers to gain information about the application.

ELMAH (Error Logging Modules and Handlers) is a powerful, free tool an application-wide error logging facility that is completely pluggable. But, it is configured improperly on target website, and that allows attackers to gain information about the application.

An attacker can obtain information such as:

  1. Session cookies
  2. Session state
  3. Query string and post variables
  4. Physical path of the requested file

This means that the attacker can hijack any active user's session by using their session details.

Some Advice for Common Problems

It should be removed or access restriction should be applied.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service