How can an attacker identify if a website is using PHP? How about the PHP version?
I have a vulnerable test site up that runs PHP.
How can an attacker identify that PHP is used?
if I type …/add.php the site gives back an error message, although the file is add.php.
If I type …/add the site runs.
Maybe I can inject co… Continue reading How can an attacker identify if a website is using PHP? How about the PHP version?