Member-only story
My Pentest Log -17 - (Stack Trace in ASP.NET)
Greetings from Perama to all,
Today, I would like to inform you about the vulnerability, from which I could learn some details about the smtp of the target application, through the non-customized error page.
1. Necessary information was given by our project manager that I will perform security tests on “private.com”.
2. As always, I first verified the scope form and rolled up my sleeves for the necessary safety tests.
3. First of all, I started the recon stages on the target application, first of all, I tried to determine which programming language the application was written in, as always. I have shared the reason for this in my previous articles, those of you who are curious can take a look.
4. I discovered that the target application was built with “ASP.NET”. (Bofff)
5. Being an application “asp.net” has both advantages and disadvantages, and the disadvantage always outweighs the advantage, but this time luck was on my side and there was an issue where I had an advantage.