Open Almenon opened 6 years ago
http://www.omdbapi.com/?%3Ca http://www.omdbapi.com/%3Ca
http://www.omdbapi.com/?%3Ca
http://www.omdbapi.com/%3Ca
These two links both result in error messages with version information and stacktraces. This is information that could help a hacker penetrate your security.
OWASP reccomends hiding such information:
https://www.owasp.org/index.php/Error_Handling#Generic_error_messages
If I recall correctly, the messages can be hidden through a simple webconfig change.
Still reproduced.
rooxie
commented
5 years ago
These two links both result in error messages with version information and stacktraces. This is information that could help a hacker penetrate your security.
OWASP reccomends hiding such information:
https://www.owasp.org/index.php/Error_Handling#Generic_error_messages
If I recall correctly, the messages can be hidden through a simple webconfig change.