Member-only story

My Pentest Log -17 - (Stack Trace in ASP.NET)

Hamit CİBO
3 min readMay 5, 2022

--

Greetings from Perama to all,

Today, I would like to inform you about the vulnerability, from which I could learn some details about the smtp of the target application, through the non-customized error page.

1. Necessary information was given by our project manager that I will perform security tests on “private.com”.

2. As always, I first verified the scope form and rolled up my sleeves for the necessary safety tests.

3. First of all, I started the recon stages on the target application, first of all, I tried to determine which programming language the application was written in, as always. I have shared the reason for this in my previous articles, those of you who are curious can take a look.

4. I discovered that the target application was built with “ASP.NET”. (Bofff)

5. Being an application “asp.net” has both advantages and disadvantages, and the disadvantage always outweighs the advantage, but this time luck was on my side and there was an issue where I had an advantage.

--

--

Hamit CİBO
Hamit CİBO

Written by Hamit CİBO

Penetration Test Specialist | Tout a commencé avec un paramètre

No responses yet