Limited Black Friday Offer:
Security for everyone

Elmah.axd File Scanner

If ELMAH is not properly configured elmah.axd file can allows attackers to gain information about the application.

SCAN NOW

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

Elmah.axd File Scanner Detail

ELMAH (Error Logging Modules and Handlers) is a powerful, free tool an application-wide error logging facility that is completely pluggable. But, it is configured improperly on target website, and that allows attackers to gain information about the application.


An attacker can obtain information such as:

  1. Session cookies
  2. Session state
  3. Query string and post variables
  4. Physical path of the requested file


This means that the attacker can hijack any active user's session by using their session details.