While doing my online shopping today, I accidentally triggered an SQL query timeout error. The error page review quite a number of information, which can be useful for the programmer to carry out troubleshooting. But best of all, it also provide the hacker with information to carry out the next level of "attack" to the server.
The error page provides table information, file paths that helps in launching SQL injections and XSS attacks.
The error page also shows the application that the server is using and its version number. Based on the information, the Microsoft .NET framework version is not the latest. It may contains critical vulnerability that allows elevation of privileges and remote code execution.
Planning to inform the Site administrator on this issues and nobody hacked it yet.