By knowing the version and type of a running web server, an attacker can quickly determine all known vulnerabilities and the appropriate exploits to use during an attack. Fetching information about the types and versions of the services running on the web server helps to find all the known vulnerabilities and exploits for those services during the test. An attacker can also store information about how each type of web server responds to specific commands. To exploit the application, the attacker will:-
The fingerprinting technique is based on finding specific patterns in the HTML page source code. Often an attacker can see a lot of information that helps them recognise a particular web application. One of the standard markers for fingerprinting is an HTML comment, which can directly lead to application disclosure. Comments also frequently contain application-specific paths; that is, a comment might link to the application's own CSS and JS folders. Self-explanatory script variable names can likewise point to a particular application.
An attacker uses the following methods to fingerprint a web application:-
From the meta tag below, an attacker can easily tell that the website is running WordPress, version 3.9.2. Comments, application-specific paths and script variables can likewise help an attacker identify an instance of an application.
<meta name="generator" content="WordPress 3.9.2" />
Usually this information is placed between the <head></head> tags, in <meta> tags, or at the end of the page. However, it is recommended to check the whole document, which is also useful for other purposes such as inspecting user comments and hidden fields.
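The following script is an added example, not code from the original article or from Beagle, showing how a site owner can audit their own page source for the markers described above before an outsider does: the generator meta tag, HTML comments, application-specific asset paths, version strings in asset URLs and revealing script variable names. The sample page and the `APP_PATH_HINTS` table (which maps the WordPress directory names to the product) are constructed for the example and are assumptions, not data from the article; it uses only the Python standard library.

```python
from html.parser import HTMLParser
import re

# Constructed sample page (not from the article) that leaks the same kinds of
# markers the text describes: generator meta tag, comment, app-specific paths,
# version strings in asset URLs and a self-explanatory script variable.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 3.9.2" />
<link rel="stylesheet" href="/wp-content/themes/twentyfourteen/style.css?ver=3.9.2">
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.0"></script>
<!-- Theme: twentyfourteen, built with the WP build script -->
</head><body>
<script>var wpAjaxUrl = "/wp-admin/admin-ajax.php";</script>
<p>Hello</p>
</body></html>"""

# Path fragments that identify a particular application. Assumption for the
# example: only the well-known WordPress directories are listed here.
APP_PATH_HINTS = {
    "wp-content": "WordPress",
    "wp-includes": "WordPress",
    "wp-admin": "WordPress",
}

# Matches "?ver=3.9.2" / "version=1.11.0" style query parameters in asset URLs.
VERSION_RE = re.compile(r"\bver(?:sion)?=([0-9][0-9.]*)")


class FingerprintAuditor(HTMLParser):
    """Collects every marker an external observer could use to identify the app."""

    def __init__(self):
        super().__init__()
        self.generator = None        # content of <meta name="generator">
        self.comments = []           # raw HTML comments
        self.app_paths = []          # (url, application) pairs
        self.versions_in_urls = []   # (url, version) pairs
        self.script_vars = []        # variable names declared in inline scripts
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        for key in ("src", "href"):
            url = a.get(key)
            if not url:
                continue
            for hint, app in APP_PATH_HINTS.items():
                if hint in url:
                    self.app_paths.append((url, app))
            m = VERSION_RE.search(url)
            if m:
                self.versions_in_urls.append((url, m.group(1)))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies arrive here as text; record declared variable names.
        if self._in_script:
            self.script_vars.extend(re.findall(r"\bvar\s+(\w+)", data))

    def handle_comment(self, data):
        self.comments.append(data.strip())


def audit_html(html):
    """Return the fingerprintable markers found in an HTML document."""
    p = FingerprintAuditor()
    p.feed(html)
    p.close()
    if p.generator:
        likely = p.generator.split()[0]          # e.g. "WordPress 3.9.2" -> "WordPress"
    elif p.app_paths:
        likely = p.app_paths[0][1]
    else:
        likely = None
    return {
        "generator": p.generator,
        "comments": p.comments,
        "app_paths": p.app_paths,
        "versions_in_urls": p.versions_in_urls,
        "script_vars": p.script_vars,
        "likely_application": likely,
    }


if __name__ == "__main__":
    for key, value in audit_html(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

Running the script against the sample prints the generator string, one comment, two application-specific paths, two version-bearing URLs and the `wpAjaxUrl` variable, and concludes the application is WordPress; a page with none of these markers yields `likely_application: None`. Point `audit_html` at your own rendered pages (for example the body of a `urllib.request` response) to see what a visitor can infer before an assessment starts.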
Using this vulnerability, an attacker gains access to the application's source code. The attacker can also:-
Beagle recommends the following fixes:-