![]() File uploads: libraries may add metadata if the file is being modified server-side.Errors: triggering errors may also leak the language.Specific input: for example, PHP had some easter eggs.It may be useful if the webmaster kept the default values. Language limits: maximum post data, maximum number variable in GET and POST data, etc.HTTP Parameter Pollution: if you managed to guess which server is running, you can refine the guess.HTTP headers: they may leak some information about the language which is running on the server, and some additional details like the version: X-Powered-By: PHP/7.0.0 means that the page was rendered by PHP. ![]() File extensions: login.php is most likely a PHP script.There's no way to be 100% sure if you don't have access to the server, so it's about guessing.
0 Comments
Leave a Reply. |