HTML Fingerprinting

From SecurePHPWiki

Common application footers containing "Powered by..." or "This site runs..." can easily be found using search engines. Once a security advisory is published, such fingerprinting opens the application to attack by anyone (see Script Kiddie) using well-known holes.

HTML fingerprinting works well as a measure to determine the popularity of a project. However, in the hands of a malicious user, it becomes a signal of vulnerability.

Recently, many big boards, such as (non-up-to-date) phpBB2, have been hacked by scripts that look for the HTML fingerprint in order to get the version of the board.
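
As an added example (not part of the original wiki page), a small Python audit that a site owner can run over their own rendered pages to list the banners described above and show which ones also disclose a version. It goes slightly beyond the text by also checking `<meta name="generator">` and HTML comments; the version pattern, the function names and the sample markup are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Banner phrases come from the page; the version pattern is this example's assumption.
BANNER = re.compile(r"\b(?:powered by|this site runs(?: on)?)\s+[^\n|<]{1,60}", re.I)
VERSION = re.compile(r"\bv?\d+(?:\.\d+)+[\w.-]*")

class FingerprintAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []    # (kind, text, exposed version or None)
        self.seen_text = []   # visible text nodes, joined in audit()
        self.skip_depth = 0   # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
        elif tag == "meta":
            a = dict(attrs)
            if (a.get("name") or "").lower() == "generator" and a.get("content"):
                self.record("meta-generator", a["content"])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.seen_text.append(data)

    def handle_comment(self, data):  # hidden in the browser, still indexed and scraped
        for m in BANNER.finditer(data):
            self.record("comment", m.group(0))

    def record(self, kind, text):
        m = VERSION.search(text)
        self.findings.append((kind, " ".join(text.split()), m.group(0) if m else None))

def audit(html):
    p = FingerprintAudit()
    p.feed(html)
    p.close()
    # Join text nodes so "Powered by <a>Board</a> 2.0.10" is matched as one banner.
    for m in BANNER.finditer(" ".join("".join(p.seen_text).split())):
        p.record("visible-text", m.group(0))
    return p.findings

# Constructed sample page; ExampleCMS and ExampleBoard are made-up names.
SAMPLE = ('<meta name="generator" content="ExampleCMS 1.4.2"><!-- This site runs ExampleCMS -->'
          '<div>Powered by <a href="#">ExampleBoard</a> 2.0.10 &copy; 2005</div>')
```

Findings whose third field is not `None` are the ones that hand a scanner the exact version; removing the banner, or at least the version number, from the template clears them.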