Source code disclosure via backup files
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files
Last updated
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files
Last updated
We can go to the /robots.txt
page to see what pages are blocked for web crawlers.
We can see that the /backup
are blocked. Let's visit it.
Let's go the file.
As we can see there is a hardcoded password there.
We can submit this password as the answer.
We have solved the lab.