SECURITY

  minte9
REMEMBERS




Last update:   10-05-2022

Display Error

Changing the value of the parameter to a non-integer data type throws an error, and the verbose error response reveals the framework and its version.
 
GET /product?productId="test"

# HTTP/1.1 500 Internal Server Error
# java.lang.NumberFormatException: For input string: "test"
# Apache Struts 2 2.3.31 # Look Here

Debugging Info

Debugging information may sometimes be logged in a separate file.
 
<!--a href=/cgi-bin/phpinfo.php>Debug</a-->

Environment: SECRET_KEY # Look Here

Backup file

Text editors often generate temporary backup files.
 
# robots.txt
User-agent: *
Disallow: /backup

# /backup/ProductTemplate.java.bak    
ConnectionBuilder connectionBuilder = ConnectionBuilder.from(
        "org.postgresql.Driver",
        "postgresql",
        "localhost",
        "postgres",
        "kci2cw1ymk009cp5h3ieceg4x7xnj33m" # Look Here
).withAutoCommit();

Apache

Remove the server version banner.
 
# httpd.conf
ServerSignature Off

# Use a single ServerTokens line; Prod reveals the least.
# The other values are shown for comparison.
ServerTokens Prod
# Response to clients: Server: Apache

# ServerTokens Major
# Response to clients: Server: Apache/2

# ServerTokens Minor
# Response to clients: Server: Apache/2.4

# ServerTokens Min
# Response to clients: Server: Apache/2.4.2

PHP

Hide PHP's X-Powered-By header.
 
# php.ini
expose_php = Off
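
A check for the leaks listed on this page, as an added example (not code from the original page): it scans a raw HTTP response for a versioned Server banner, an X-Powered-By header, a Java exception name in the body, and HTML comments holding links or debug references. The function name, the patterns and the sample responses are constructed for illustration.

```python
import re

# Patterns for the leaks described above (hypothetical names, added example).
SERVER_VERSION = re.compile(r"^[A-Za-z_-]+/\d")  # e.g. Apache/2.4.2
STACK_TRACE = re.compile(r"\b(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b")
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)
COMMENT_HINT = re.compile(r"href=|phpinfo|debug", re.I)

def audit_response(raw):
    """Return a list of disclosure findings for one raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    server = headers.get("server", "")
    if SERVER_VERSION.match(server):
        findings.append("server-version: " + server)
    if "x-powered-by" in headers:
        findings.append("x-powered-by: " + headers["x-powered-by"])
    trace = STACK_TRACE.search(body)
    if trace:
        findings.append("exception-in-body: " + trace.group(0))
    for comment in HTML_COMMENT.findall(body):
        if COMMENT_HINT.search(comment):
            findings.append("html-comment: " + comment.strip())
    return findings

# Constructed sample responses, not captured traffic.
LEAKY = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.2\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "\r\n"
    'java.lang.NumberFormatException: For input string: "test"\n'
    "<!--a href=/cgi-bin/phpinfo.php>Debug</a-->\n"
)
HARDENED = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Apache\r\n"
    "\r\n"
    "Invalid product id.\n"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit_response(raw))
```

Run it against responses from your own error pages after applying ServerTokens Prod and expose_php = Off; an empty list means none of these four leaks were found.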
