Language version disclosure in response header
Unknown
Vulnerability Details
1. go to https://staging.uzbey.com/ in google chrome browser
2. Right click mouse and choose inspect element options
3. click network and choose request and response for staging.uzbey.com
Remote Address:54.200.82.121:443
Request URL:https://staging.uzbey.com/
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:staging.uzbey.com
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Response Headersview source
Cache-Control:no-cache, must-revalidate, post-check=0, pre-check=0
Connection:close
Content-Encoding:gzip
Content-Language:en
Content-Length:4549
Content-Type:text/html; charset=utf-8
Date:Mon, 23 Jun 2014 02:33:52 GMT
ETag:"1403490832"
Expires:Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified:Mon, 23 Jun 2014 02:33:52 +0000
Server:Apache/2.2.15 (Red Hat)
Vary:Accept-Encoding,User-Agent
X-Generator:Drupal 7 (http://drupal.org)
X-Powered-By:PHP/5.3.3
attack :
language used : X-Powered-By:PHP/5.3.3
server detail and version : Server:Apache/2.2.15 (Red Hat)
Actions
View on HackerOneReport Stats
- Report ID: 17256
- State: Closed
- Substate: resolved
- Upvotes: 2