Information Disclosures Lab (Fast recap)

Aditya Uniyal

Lab1: Information disclosure in error messages

  • Supplying a wrong value for the input parameter produces an error message that discloses version information.

Lab2: Information disclosure on debug page

  • Check the page source: it mentions the path to a PHP file. Alternatively, enumerate all the directories with Engagement tools > Content discovery (available in Burp Suite Pro). Go to that URL and search for the Environment section in the PHP file. From there we can get the SECRET_KEY.

Lab3: Source code disclosure via backup files

  • Requires Burp Suite Pro. Run the same content discovery from Engagement tools and you'll find a ProductTemplate.java.bak file. Open it in a new URL and scroll down; you'll find the solution.

Lab4: Authentication bypass via information disclosure

  • Read the question again: the HTTP request method TRACE is useful for learning details about / (the root directory). The response shows the X-Custom-Ip-Authorization header; set it to your localhost, i.e. 127.0.0.1 (this needs to be done in every step).

Lab5: Information disclosure in version control history

  • The engagement tool is needed again; it finds the .git directory. Open that URL and copy it. Now open a terminal and run wget -r <URL> (-r works recursively, so we get the directories and the subdirectories). After the download, go inside the hidden .git directory, run git log, and then compare the two hashes; you'll get the password.
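Seen from the defender's side of Lab 5, a password removed in a later commit is still readable in the history. The following is an added example, not code from the original post or the lab: it scans `git log -p` output for literal credentials that any commit added or removed. The sample log, the key-name patterns and the function name are constructed assumptions.

```python
import re

# Constructed, trimmed `git log -p` output for illustration; not from the lab.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222

    Remove admin password from config

diff --git a/admin.conf b/admin.conf
--- a/admin.conf
+++ b/admin.conf
@@ -1 +1 @@
-ADMIN_PASSWORD=constructed-example-value
+ADMIN_PASSWORD=env('ADMIN_PASSWORD')

commit 1111111111111111111111111111111111111111

    Add skeleton admin panel

diff --git a/admin.conf b/admin.conf
--- /dev/null
+++ b/admin.conf
@@ -0,0 +1 @@
+ADMIN_PASSWORD=constructed-example-value
"""

# Assumed heuristics: key names that suggest a credential, and values that
# are references to the environment rather than literal secrets.
SECRET_RE = re.compile(
    r"""(?i)([\w.-]*(?:password|passwd|secret|token|api_?key)[\w.-]*)\s*[=:]\s*["']?([^"'\s]+)""")
REFERENCE_RE = re.compile(r"(?i)^(env\(|getenv\(|os\.environ|\$)")

def find_secrets_in_history(log_text):
    """Return (short commit, file, 'added'/'removed', key) per literal secret."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:7]
        elif line.startswith("diff --git "):
            path = line.split(" b/", 1)[1]
        elif line.startswith(("--- ", "+++ ")):
            continue  # file headers, not changed content
        elif line[:1] in ("+", "-"):
            m = SECRET_RE.search(line[1:])
            # Report the key name only; the secret value is never echoed.
            if m and not REFERENCE_RE.match(m.group(2)):
                change = "added" if line[0] == "+" else "removed"
                findings.append((commit, path, change, m.group(1)))
    return findings
```

A "removed" finding means the literal value is still recoverable from history, so the credential needs rotating, not just deleting from the current tree.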