V7 - Error Logging
Non Customized Error Messages (Error Message Reveals Internal IP Address/Underlying Technology)
POC
- Send various invalid data input or insert illegal characters to the URL or the HTTP request.
- Observe underlying technology or IP address or internal file path is disclosed such as followings: Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch at 127.0.1.1 Port 80
Impact
Low
Likelihood
Low