Uzbey: Language version disclosure in response header

2014-06-23T02:40:18
ID H1:17256
Type hackerone
Reporter karthic
Modified 2014-07-23T19:37:11

Description

  1. go to https://staging.uzbey.com/ in google chrome browser

  2. Right click mouse and choose inspect element options

  3. click network and choose request and response for staging.uzbey.com Remote Address:54.200.82.121:443 Request URL:https://staging.uzbey.com/ Request Method:GET Status Code:200 OK Request Headersview source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Connection:keep-alive Host:staging.uzbey.com User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 Response Headersview source Cache-Control:no-cache, must-revalidate, post-check=0, pre-check=0 Connection:close Content-Encoding:gzip Content-Language:en Content-Length:4549 Content-Type:text/html; charset=utf-8 Date:Mon, 23 Jun 2014 02:33:52 GMT ETag:"1403490832" Expires:Sun, 19 Nov 1978 05:00:00 GMT Last-Modified:Mon, 23 Jun 2014 02:33:52 +0000 Server:Apache/2.2.15 (Red Hat) Vary:Accept-Encoding,User-Agent X-Generator:Drupal 7 (http://drupal.org) X-Powered-By:PHP/5.3.3

attack :

language used : X-Powered-By:PHP/5.3.3

server detail and version : Server:Apache/2.2.15 (Red Hat)