Source code disclosure via backup files

https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files

We can go to the /robots.txt page to see what pages are blocked for web crawlers.

We can see that the /backup are blocked. Let's visit it.

Let's go the file.

As we can see there is a hardcoded password there.

qyb8rfjmzv1edk56w3dwmaom3o505wvy

We can submit this password as the answer.

We have solved the lab.

Last updated 2 years ago