Exploiting security misconfigurations
The term misconfiguration is so broad that it can cover many different security issues. The impact of these vulnerabilities is also difficult to determine: some are merely informational, revealing the technology used to build an application, while others are critical, providing access to the server or to the application and thereby exposing all of it.
In this section, we will show several common errors and how to exploit them using Burp Suite.
Default pages
Server administrators commonly install web servers or other applications without configuring them to hide the default pages, so it is normal to find pages like the following:
This default page may be generic, but it shows information, which, depending on the environment, could be useful. For example, in this case, we are seeing Apache Tomcat's default page. Tomcat is an application...
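The check below is an added example, not code from the original text: it audits a captured HTTP response (for instance, one saved from a proxy history) for stock default-page text, the version that page discloses, and a Server banner. The signature list, function names, and both sample responses are constructed for illustration.

```python
import re

# (product, marker found on the stock default page, optional version pattern)
DEFAULT_PAGE_SIGNATURES = [
    ("Apache Tomcat",
     re.compile(r"If you're seeing this, you've successfully installed Tomcat", re.I),
     re.compile(r"<title>\s*Apache Tomcat/([\d.]+)", re.I)),
    ("Apache httpd", re.compile(r"<h1>It works!</h1>|Apache2 \w+ Default Page", re.I), None),
    ("nginx", re.compile(r"<title>Welcome to nginx!</title>", re.I), None),
    ("Microsoft IIS", re.compile(r"<title>IIS Windows Server</title>", re.I), None),
]

def split_response(raw):
    """Split a raw HTTP response into (lower-cased headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def audit_response(raw):
    """Return a list of information-disclosure findings for one response."""
    headers, body = split_response(raw)
    findings = []
    for product, marker, version_re in DEFAULT_PAGE_SIGNATURES:
        if marker.search(body):
            match = version_re.search(body) if version_re else None
            findings.append({"issue": "default page", "product": product,
                             "version": match.group(1) if match else None})
    if "server" in headers:                       # banner names the technology
        findings.append({"issue": "server banner", "product": headers["server"],
                         "version": None})
    return findings

# Constructed samples: an untouched Tomcat install and a hardened error page.
SAMPLE_DEFAULT = (
    "HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Type: text/html\r\n\r\n"
    "<html><head><title>Apache Tomcat/8.5.0</title></head><body><h2>If you're seeing "
    "this, you've successfully installed Tomcat. Congratulations!</h2></body></html>")
SAMPLE_HARDENED = (
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>Not found</body></html>")

if __name__ == "__main__":
    for name, raw in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_response(raw))
```

An empty result for a response means none of the listed markers or a Server header were present; it does not rule out other forms of disclosure.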