PortSwigger Information disclosure Labs

dextro
4 min read · Jul 23, 2023


Lab: Information disclosure in error messages

One of the most common causes of information disclosure is verbose error messages.

In the URL, type 1+1 to trigger the information disclosure, then submit the solution to solve the lab.

Lab: Information disclosure on debug page

For debugging purposes, many websites generate custom error messages and logs that contain large amounts of information about the application’s behavior.

Debugging information may sometimes be logged in a separate file. If an attacker is able to gain access to this file, it can serve as a useful reference for understanding the application’s runtime state.

Use the discover content option to discover more files.

After going to phpinfo.php you will get the secret key. Submit it as the solution to solve the lab.

Lab: Source code disclosure via backup files

Text editors often generate temporary backup files while the original file is being edited. These temporary files are usually indicated in some way, such as by appending a tilde (~) to the filename or adding a different file extension. Requesting a code file using a backup file extension can sometimes allow you to read the contents of the file in the response.

Use discover content to discover the /backup/ folder.

Copy the key and submit it to solve the lab.

Lab: Authentication bypass via information disclosure

In some cases developers might forget to disable various debugging options in the production environment. For example, the HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that use the TRACE method by echoing in the response the exact request that was received. This behavior is often harmless, but occasionally leads to information disclosure, such as the name of internal authentication headers that may be appended to requests by reverse proxies.

We have our own credentials, wiener:peter, and the victim's username, carlos.

Use discover content; the admin panel is discovered.

Browse to the admin panel and intercept the request.

Replace GET with TRACE as the request method and send the request.

You will notice that a file gets downloaded; open that file.

Notice this header,

Go to the proxy settings in Burp, find match and replace, and click add.

In the replace field, type:

X-Custom-IP-Authorization: 127.0.0.1

Burp Proxy will now add this header to every request you send.

Go to the admin panel and delete carlos to solve the lab.
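The fix for this lab's root cause, as an added example that is not part of the original write-up or of the lab's own code: a WSGI middleware for the internet-facing tier that refuses TRACE and overwrites X-Custom-IP-Authorization with the real peer address, so a client-supplied value never reaches the backend. The class name, the demo backend and the sample requests are assumptions constructed for illustration.

```python
# Added example: edge-tier hardening against the TRACE / spoofed-header issue.
FORWARDED_IP_KEY = "HTTP_X_CUSTOM_IP_AUTHORIZATION"  # WSGI name of X-Custom-IP-Authorization
BLOCKED_METHODS = {"TRACE", "TRACK"}  # diagnostic methods that echo the request


class EdgeHardening:
    """Reject diagnostic methods and replace the client-IP header with the real peer."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        if method in BLOCKED_METHODS:
            body = b"Method Not Allowed\n"
            start_response("405 Method Not Allowed", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
                ("Allow", "GET, POST, HEAD"),
            ])
            return [body]
        # Never pass through a client-supplied value: always overwrite it with
        # the address of the TCP peer as seen by this server.
        environ[FORWARDED_IP_KEY] = environ.get("REMOTE_ADDR", "")
        return self.app(environ, start_response)


def demo_backend(environ, start_response):
    """Hypothetical backend that reports the IP header it received."""
    body = environ.get(FORWARDED_IP_KEY, "").encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def simulate(method, peer_ip, spoofed_header=None):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/admin", "REMOTE_ADDR": peer_ip}
    if spoofed_header is not None:
        environ[FORWARDED_IP_KEY] = spoofed_header  # constructed spoofing attempt
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(EdgeHardening(demo_backend)(environ, start_response))
    return captured["status"], body.decode()
```

The backend should still require an authenticated administrator session for the admin panel rather than authorising on the IP header alone.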

Lab: Information disclosure in version control history

Virtually all websites are developed using some form of version control system, such as Git. By default, a Git project stores all of its version control data in a folder called .git. Occasionally, websites expose this directory in the production environment. In this case, you might be able to access it by simply browsing to /.git.

We have to find the administrator password and delete carlos.

Use discover content.

Go to /.git/ and you will see there are several files.

Now open a terminal.

Type wget -r https://YOUR-LAB-ID.web-security-academy.net/.git/

Download Git (Windows preferred).

Open the downloaded folder.

Click Git Bash Here.

Click visualize master’s history, get the password, log in to the admin account and delete carlos to solve the lab.
