Web Framework | Method | Source |
---|---|---|
Laravel (PHP) | "Whoops! There was an error." | google.com |
Symfony (PHP) Method 1 | +plugin:SymfonyVerbosePlugin OR +plugin:SymfonyProfilerPlugin | leakix.net |
Symfony (PHP) Method 2 | Set-Cookie: symfony= | shodan.com |
Symfony (PHP) Method 3 | inurl:/frontend_dev.php/$ | google.com |
Symfony (PHP) Method 4 | "SF_ROOT_DIR" | google.com |
Django (credit fattselimi) | http.title:"DisallowedHost at /" | shodan.com |
Ruby on Rails | Application Trace + nil:NilClass (10%) TBD | google.com |
Flask | Manual Testing | Burp Suite & Web Manual |
ASP.NET | Manual Testing | Burp Suite & Web Manual |
Yii | intitle:"yii debugger" | google.com |
Generic Method 1 (mass) | site:.tld1.wildcard OR site:wildcard.tld "unexpected error" OR "Uncaught Exception" OR "fatal error" OR "Unknown column" OR "exception occurred" | google.com |

Type | Method |
---|---|
Web Server | Search for random files and folders that will not be found (404s) |
Web Server | Try to request folders that exist and see the server behavior (403s, blank page, or directory listing). |
Web Server | Send a very large path, break the header format, or change the HTTP version. |
Application | Identify possible input points where the application is expecting data. |
Application | Analyse the expected input type (strings, integers, JSON, XML, etc.). |
Application | Fuzz every input point based on the previous steps to have a more focused test scenario. |
Application | Understand the service responding with the error message and try to make a more refined fuzz list to bring out more information or error details from that service (it could be a database, a standalone service, etc.). |
Application | Try accessing the host directly by its IP address; this may also trigger an error. |

Common filetypes | What's likely in use |
---|---|
PHP files in a specific path order? | CMS: WordPress, Joomla, Drupal. Web server: Apache, Nginx, Microsoft IIS. Web framework: Laravel, Symfony, CodeIgniter, Yii. DB: MySQL, PostgreSQL, SQLite |
JSP files | Spring, Struts, and JavaServer Faces (JSF), Apache Tomcat, Jetty, GlassFish, JBoss, WebLogic, WebSphere, Resin. |
nsf files | XPages, IBM Domino |
env | Adobe Acrobat and Acrobat Reader files. An ENV file holds spelling and format setting information |
do | web-based Java program run by a web server that supports Java, such as Tomcat or IBM WebSphere |
conf | configuration or “config” file used on Unix and Linux based systems. It stores settings used to configure system processes and applications. |
jar | (Java ARchive) is a package file format typically used to aggregate many Java class files and associated metadata and resources (text, images, etc.) into one file for distribution. |
xml | (Extensible Markup Language) data file. It is formatted much like an HTML document, but uses custom tags to define objects and the data within each object. XML files can be thought of as a text-based database. |
twig | a PHP optimizing template engine; contains a template that will be generated into a specific final format, such as an HTML, JavaScript, XML, or CSS based file |
htc | HTC is a file extension for an HTML file used on the World Wide Web. HTC stands for HyperText markup language Components. HTC files contain both HTML code and HTML components. HTC files are used to define dynamic functions to be used across multiple HTML pages. |
tmpl | Template file used by Xfire, an instant messaging application for gamers; contains an HTML template file for displaying a user interface page |
svc | Text file that contains information about a Windows Communication Foundation (WCF) service that can be run using Internet Information Services (IIS); includes a WCF-specific processing directive that activates hosted services in response to incoming messages. |
jspa | JSPA file type is primarily associated with WebWork. WebWork is a web application framework for J2EE. |

1. HttpException: This exception is thrown when an HTTP error occurs, such as a 404 Not Found or 500 Internal Server Error. It is the base class for all HTTP-related exceptions in Laravel.
2. ValidationException: This exception is thrown when a form validation fails in Laravel. It contains information about the validation errors and can be used to redirect the user back to the form with the validation errors displayed.
3. ModelNotFoundException: This exception is thrown when a model is not found in the database. It is commonly used to handle 404 errors when a requested resource is not found in the database.
4. QueryException: This exception is thrown when a database query fails, such as when there is a syntax error or a constraint violation. It contains information about the SQL error that caused the query to fail.
5. AuthenticationException: This exception is thrown when a user is not authenticated and tries to access a protected resource in Laravel. It can be used to redirect the user to the login page or to display a custom error message.
6. AuthorizationException: This exception is thrown when a user is not authorized to access a particular resource or perform a particular action. It can be used to redirect the user to a custom error page or to display a custom error message.

1. InvalidArgumentException: This exception is thrown when an argument passed to a function or method is not valid.
2. NotFoundHttpException: This exception is thrown when a requested resource or URL is not found.
3. AccessDeniedException: This exception is thrown when a user does not have sufficient permissions to access a resource.
4. RuntimeException: This is a generic exception that is thrown when an unexpected error occurs during the execution of a script or application.
5. HttpException: This is a base exception class for HTTP-related errors, such as 404 (Not Found) or 500 (Internal Server Error).
6. Twig_Error_Runtime: This exception is thrown by the Twig template engine, which is used by Symfony to render templates. It is typically caused by a syntax error or a missing variable in a template.
7. Doctrine\DBAL\Exception: This exception is thrown by the Doctrine database abstraction layer, which is used by Symfony to interact with databases. It is typically caused by a database-related error, such as a missing table or a syntax error in a SQL query.

1. TemplateSyntaxError: This error is thrown when there is a syntax error in a Django template. This error can occur when a developer forgets to close a tag or uses incorrect syntax in a template.
2. ImportError: This error is thrown when there is a problem importing a module or package in a Django application. This error can occur when a developer misspells the name of a module or package or when there is a problem with the environment configuration.
3. OperationalError: This error is thrown when there is an error executing a database query in a Django application. This error can occur when a database connection is lost or when there is a problem with the database configuration.
4. ImproperlyConfigured: This error is thrown when there is a problem with the configuration of a Django application. This error can occur when a developer forgets to set a required setting or when there is a problem with the environment configuration.
5. ValidationError: This error is thrown when there is a problem with data validation in a Django application. This error can occur when a form field is left blank or when a user enters invalid data.
6. SuspiciousOperation: This error is thrown when there is a suspicious or potentially malicious operation detected in a Django application. This error can occur when a user tries to access a restricted resource or perform an action that is not allowed.

redis, API, PHP, DB, mysql, AD, path, server, database, username, password, key, secret, backend, admin, dir, port, URI
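
As an added example (not part of the original page), the sketch below turns the debug-page markers, exception names and keywords listed above into a check you can run over your own application's error responses, for instance in a staging test suite. The function and constant names are hypothetical and both sample bodies are constructed.

```python
import html
import re

# Markers copied from the tables and lists on this page.
FRAMEWORK_MARKERS = {
    "Laravel": ["Whoops! There was an error."],
    "Symfony": ["SF_ROOT_DIR"],
    "Django": ["DisallowedHost at /"],
    "Ruby on Rails": ["Application Trace"],
    "Yii": ["yii debugger"],
}
GENERIC_MARKERS = ["unexpected error", "Uncaught Exception", "fatal error",
                   "Unknown column", "exception occurred"]
EXCEPTIONS = ["HttpException", "ValidationException", "ModelNotFoundException",
              "QueryException", "AuthenticationException", "AuthorizationException",
              "InvalidArgumentException", "NotFoundHttpException",
              "AccessDeniedException", "RuntimeException", "Twig_Error_Runtime",
              "Doctrine\\DBAL\\Exception", "TemplateSyntaxError", "ImportError",
              "OperationalError", "ImproperlyConfigured", "ValidationError",
              "SuspiciousOperation"]
KEYWORDS = ("redis API PHP DB mysql AD path server database username password "
            "key secret backend admin dir port URI").split()

# Constructed sample bodies (not captured from any real site).
SAMPLE_DEBUG = r"""<html><title>Whoops! There was an error.</title><body>
Illuminate\Database\QueryException: SQLSTATE[42S22]: Unknown column &#039;emial&#039;
(Connection: mysql, host 127.0.0.1, port 3306, database app, username app_user)
</body></html>"""
SAMPLE_CLEAN = "<html><body><h1>Something went wrong</h1><p>Ref: 7f3a</p></body></html>"

def _whole_tokens(names, text, flags=0):
    """Return the names that occur in text as whole tokens, sorted."""
    return sorted(n for n in names
                  if re.search(r"(?<!\w)" + re.escape(n) + r"(?!\w)", text, flags))

def audit_response(body):
    """Report which of the page's error-disclosure markers a response body contains."""
    text = html.unescape(body)  # normalise entity-encoded text before matching
    lowered = text.lower()
    report = {
        "frameworks": sorted(fw for fw, marks in FRAMEWORK_MARKERS.items()
                             if any(m.lower() in lowered for m in marks)),
        "generic": [m for m in GENERIC_MARKERS if m.lower() in lowered],
        "exceptions": _whole_tokens(EXCEPTIONS, text),
        "keywords": _whole_tokens(KEYWORDS, text, re.IGNORECASE),
    }
    # Keywords alone are too noisy to fail a check; they only add context.
    report["leaky"] = bool(report["frameworks"] or report["generic"]
                           or report["exceptions"])
    return report
```

A response that sets `leaky` is one where debug mode or an unhandled exception is reaching the client; the `keywords` field shows what kind of detail the message exposes.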
TBD