Improper Error Handling


During the scan, Kayran managed to find Improper Error Handling vulnerability.
Improper error handling takes part in the reconnaissance phase in which the attacker will try to gather as much technical information as possible about the target. Information such as the application’s server, frameworks, libraries, versions, etc.

Unhandled errors can assist the attacker in this reconnaissance phase, which is very important for further attacks.

An attacker may use the contents of error messages to launch another, more focused attack.
For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of an installed application. In turn, this could be used to select the proper number of “..” sequences to navigate to the targeted file.
An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query.


Verify that there isn’t sensitive information that is being disclosed, whether through errors or warning messages.
Another good practice will be to configure the application to log errors to a file for example, instead of displaying the error to the users.


< Return to all Vulnerabilities

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »