Cobalt Vulnerability Wiki

Cobalt Vulnerability Wiki

Categories

V2 - Authentication V3 - Session Management V4 - Access Control V5 - Validation/Sanitization V6 - Cryptography V7 - Error Logging

Non Customized Error Messages (Error Message Reveals Internal IP Address/Underlying Technology) Stack Trace in Error Message Unhandled Error Messages - SQL Queries Revealed Visible Detailed Error/Debug Page

V8 - Data Protection V9 - Communications V10 - Malicious Code V11 - Business Logic V12 - Files Resources V13 - API V14 - Config

V7 - Error Logging

Non Customized Error Messages (Error Message Reveals Internal IP Address/Underlying Technology)

POC

1. Send various invalid data input or insert illegal characters to the URL or the HTTP request.

2. Observe underlying technology or IP address or internal file path is disclosed such as followings:

<address>Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch at 127.0.1.1 Port 80</address>

Impact

Low

Likelihood

Low

Ready to get started?

our platform schedule a demo

Join some of these great clients we're proud to have helped