Open Hipapheralkus opened 3 years ago
@Hipapheralkus you said you'd like extend/add content but then didn't want the issue assigned. Do you plan to tackle the changes?
Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.
File producer metadata leakage If the web application generates files (e.g. pdf), using exiftools (or other techniques), the Producer can be found which created it. If the producer is known, e.g.
Producer: iText 2.1.7
orProducer: mPDF 7.1.7
the attacker can discover whether any CVEs exist for such a tool leading to successful exploitation.Although I was able to find https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/, but it doesn't reference this specific need in my opinion. Therefore, I'd like to extend the Information Gathering with a new content.
Would you like to be assigned to this issue? no