Information disclosure on debug page
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-on-debug-page
Last updated
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-on-debug-page
Last updated
If we go to Target > Site map, we can see a request for /cgi-bin/phpinfo.php.
Let's forward that request to the Repeater and send it.
When the response is returned to us, we can search for the following string:
As we can see, the secret is revealed by the server in the response.
We can now submit the secret key as the answer:
We have solved the lab.
