Adding file producer metadata leakage #788
Labels
new
New content to write
Comments
|
@Hipapheralkus you said you'd like extend/add content but then didn't want the issue assigned. Do you plan to tackle the changes? |
|
Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
File producer metadata leakage
If the web application generates files (e.g. pdf), using exiftools (or other techniques), the Producer can be found which created it. If the producer is known, e.g.
Producer: iText 2.1.7orProducer: mPDF 7.1.7the attacker can discover whether any CVEs exist for such a tool leading to successful exploitation.Although I was able to find https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/, but it doesn't reference this specific need in my opinion. Therefore, I'd like to extend the Information Gathering with a new content.
Would you like to be assigned to this issue?
no
The text was updated successfully, but these errors were encountered: