Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V7 - Error Logging

Non-Customized Error Messages (Error Message Reveals Internal IP Address/Underlying Technology)

POC

  1. Send various invalid inputs, or insert illegal characters into the URL or the HTTP request.
  2. Observe whether the underlying technology, an IP address, or an internal file path is disclosed, such as the following: Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch at 127.0.1.1 Port 80
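
A defender-side check for the disclosure described in the POC, as an added example that is not part of the original wiki entry: it scans the text of an error response (headers or body) for version banners, internal IP addresses and file-system paths. The function name, the pattern lists and the custom-page sample are assumptions for illustration; the banner sample is the string quoted in step 2.

```python
import ipaddress
import re

# Patterns for the three kinds of disclosure the POC names (illustrative, not exhaustive).
BANNER_RE = re.compile(
    r"\b(?:Apache|nginx|Microsoft-IIS|PHP|Tomcat|OpenSSL)/\d+(?:\.\d+)+[\w.\-]*")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
PATH_RE = re.compile(
    r"(?:/(?:var|home|usr|etc|opt|srv)/[\w./\-]+|[A-Za-z]:\\[\w\\.\-]+)")


def find_disclosures(text):
    """Return sorted (kind, value) pairs for details leaked in an error response."""
    found = set()
    for m in BANNER_RE.finditer(text):
        found.add(("banner", m.group(0)))
    for m in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # four dotted numbers that are not a valid address
        # Loopback, RFC 1918 and link-local addresses reveal internal topology.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            found.add(("internal_ip", str(ip)))
    for m in PATH_RE.finditer(text):
        found.add(("file_path", m.group(0)))
    return sorted(found)


# Default error footer quoted in step 2 of the POC.
DEFAULT_PAGE = ("Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 "
                "with Suhosin-Patch at 127.0.1.1 Port 80")
# Constructed sample of a customized error page that leaks nothing.
CUSTOM_PAGE = "Something went wrong. Reference: 7f3a"

if __name__ == "__main__":
    for name, page in (("default", DEFAULT_PAGE), ("custom", CUSTOM_PAGE)):
        print(name, find_disclosures(page))
```
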

Impact

Low

Likelihood

Low