Lab: Information disclosure in error messages
One of the most common causes of information disclosure is verbose error messages.
In the URL, type 1+1 to find the information disclosure, then submit the solution to solve the lab.
Lab: Information disclosure on debug page
For debugging purposes, many websites generate custom error messages and logs that contain large amounts of information about the application’s behavior.
Debugging information may sometimes be logged in a separate file. If an attacker is able to gain access to this file, it can serve as a useful reference for understanding the application’s runtime state.
Use the discover content option to discover more files.
After opening phpinfo.php you will get the secret key; submit the solution to solve the lab.
Lab: Source code disclosure via backup files
Text editors often generate temporary backup files while the original file is being edited. These temporary files are usually indicated in some way, such as by appending a tilde (~) to the filename or adding a different file extension. Requesting a code file using a backup file extension can sometimes allow you to read the contents of the file in the response.
Use discover content to discover the /backup/ folder.
Copy the key and submit it to solve the lab.
Lab: Authentication bypass via information disclosure
In some cases developers might forget to disable various debugging options in the production environment. For example, the HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that use the TRACE method by echoing in the response the exact request that was received. This behavior is often harmless, but occasionally leads to information disclosure, such as the name of internal authentication headers that may be appended to requests by reverse proxies.
We have our own credentials, wiener:peter, and the victim username carlos.
Use discover content; the admin panel is discovered.
Browse to the admin panel and intercept the request.
Type TRACE in place of the GET method and send the request.
You will notice a file gets downloaded; open that file.
Notice this header,
Go to the proxy settings in Burp, find match and replace, and click add.
In replace, type:
X-Custom-IP-Authorization: 127.0.0.1
Burp Proxy will now add this header to every request you send.
Go to the admin panel and delete carlos to solve the lab.
Lab: Information disclosure in version control history
Virtually all websites are developed using some form of version control system, such as Git. By default, a Git project stores all of its version control data in a folder called .git. Occasionally, websites expose this directory in the production environment. In this case, you might be able to access it by simply browsing to /.git.
We have to find the administrator password and delete carlos.
Use discover content.
Go to /.git/; you will see there are several files.
Now open a terminal.
Type wget -r https://YOUR-LAB-ID.web-security-academy.net/.git/
Download Git (prefer Windows).
Go into the downloaded folder.
Click Git Bash Here.
Click visualize master's history, get the password, log in to the admin account, and delete carlos to solve the lab.
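A defender-side check for the exposures covered in the labs above, as an added example that is not part of the original write-up: it scans web access logs for requests to phpinfo.php, backup-style filenames, the TRACE method and /.git/, and records whether the server actually served them. The log lines, the .bak/.old/.swp extensions and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /product?productId=1 HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpinfo.php HTTP/1.1" 200 80211 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /backup/index.php%7E HTTP/1.1" 200 1650 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "TRACE /admin HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "Wget/1.21"
203.0.113.9 - - [01/Jan/2024:10:00:31 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Wget/1.21"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# One rule per disclosure route described above; extensions beyond "~" are assumptions.
RULES = [
    ("phpinfo-page", lambda method, path: path.lower().endswith("/phpinfo.php")),
    ("backup-file", lambda method, path: re.search(r"(~|\.bak|\.old|\.swp)$", path, re.I) is not None),
    ("trace-method", lambda method, path: method.upper() == "TRACE"),
    ("git-metadata", lambda method, path: re.search(r"/\.git(/|$)", path) is not None),
]


def scan(log_text):
    """Return one finding per (log line, matching rule)."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        client, method, target, status = match.groups()
        path = unquote(target.split("?", 1)[0])  # drop query, decode %7E -> ~
        for name, rule in RULES:
            if rule(method, path):
                # served=True: the server answered 2xx, so the resource was
                # actually exposed rather than merely probed for.
                findings.append({"rule": name, "client": client,
                                 "path": path, "served": status.startswith("2")})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with served set to True are the ones to fix first: remove the file or directory from the web root, or disable the method on the server.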