Security Misconfiguration - TairinySimeonato/WebAuditing GitHub Wiki

  • A website can be susceptible to attack due to an insecure configuration option.
  • Wappalyzer is a browser extension that tells you which services, and which versions of them, a website uses.
  • Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc., to gain unauthorized access or knowledge of the system.

Prevention

  • Make sure the services used are up to date
  • Do not use default credentials
  • Make sure error messages do not give too much information away
  • Remove unused features
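
A way to check your own site's responses for two of the leaks named above: version banners in headers (the kind of signal a fingerprinting extension reads) and verbose error messages. This is an added example, not part of the original wiki; the header list, the error patterns and both sample responses are constructed assumptions.

```python
import re

# Response headers that commonly disclose server software and its version.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Markers of error output that gives too much away (illustrative, not exhaustive).
ERROR_MARKERS = {
    "Python traceback": re.compile(r"Traceback \(most recent call last\)"),
    "PHP error with file path": re.compile(r"(?:Fatal error|Warning): .+ in .+ on line \d+"),
    "SQL error": re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE\[", re.I),
}

def parse_response(raw):
    """Split a raw HTTP response into (lower-cased headers dict, body)."""
    raw = raw.replace("\r\n", "\n")  # accept CRLF or LF line endings
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def audit_response(raw):
    """Return a list of information-disclosure findings for one response."""
    headers, body = parse_response(raw)
    findings = []
    for name in VERSION_HEADERS:
        value = headers.get(name, "")
        if VERSION_RE.search(value):
            findings.append(f"version disclosed in {name}: {value}")
    for label, pattern in ERROR_MARKERS.items():
        if pattern.search(body):
            findings.append(f"verbose error output: {label}")
    return findings

# Constructed sample responses (not captured from a real site).
LEAKY = """HTTP/1.1 500 Internal Server Error
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error in /var/www/app/db.php on line 12
"""

HARDENED = """HTTP/1.1 500 Internal Server Error
Server: nginx

Something went wrong. Reference: 7f3a
"""
```

`audit_response(LEAKY)` returns four findings (two version banners, a PHP error with a file path, and a SQL error), while `audit_response(HARDENED)` returns an empty list.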
