Chapter 4  ■ Mapping the Application

Identifying Server-Side Technologies

It is normally possible to fingerprint the technologies employed on the server

via various clues and indicators.

Banner Grabbing

Many web servers disclose fine-grained version information, both about the

web server software itself and about other components that have been

installed. For example, the HTTP 

Server

header discloses a huge amount of

detail about some installations:

Server: Apache/1.3.31 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8

mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9 FrontPage/5.0.2.2634a

mod_ssl/2.8.20 OpenSSL/0.9.7a

In addition to the 

Server

header, other locations where the type and version

of software may be disclosed are:

■■

Templates used to build HTML pages

■■

Custom HTTP headers

■■

URL query string parameters

Download 5,76 Mb.

Do'stlaringiz bilan baham: