Information Disclosure
Lab:~# Information disclosure in version control history
Welcome to my write-up for the PortSwigger Web Security Academy lab on Information disclosure in version control history. In this guide, I’ll show you how I tackled the lab, including how I found security issues and created solutions. This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user, then log in and delete the user carlos.
What is information disclosure?
Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users.
End Goals:~#
- Obtain the password of the admin.
- Login and delete the user carlos.
Steps To Reproduce:~#
- Open the lab and browse to /.git to reveal the lab’s Git version control data. We need to find a way to download this data to our machine.
- Using the wget command (a utility for downloading files from the web), we can download all the data to our machine, making it easier to examine everything.
- On our Linux machine, after downloading the files, running ls -a shows hidden files and directories (those starting with a dot, like .git). We can navigate into these directories using cd and list all files and directories with ls.
- I started checking all the files manually, hoping to find something useful. One file gave me a clue about where to look next.
- There is a commit with the message “Remove admin password from config”.
- Using the git diff command, we can show changes between commits or between a commit and the working tree. By typing git diff and pressing Tab, we can see the available options and auto-completions.
- Running git show on that commit reveals the password, because removing a secret in a later commit does not remove it from the repository’s history.
- Bingo! We found the password and used the credentials to log into the admin panel. From there, we accessed all the functionalities and deleted the user “carlos” to complete the lab.
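The steps above boil down to one lesson for anyone maintaining a repository: a commit that “removes” a password leaves it fully recoverable from the parent commit. The script below is an added example (not part of the original write-up or the lab) that turns that lesson into a self-check you can run against your own repository before it is ever published. It builds a throwaway repository that mirrors the lab (a config file with an admin password, then a “Remove admin password from config” commit), finds commits whose messages suggest a secret was removed, and uses the same git show technique from the write-up to list the deleted credential lines that still live in history. The repository contents, the password value and the keyword patterns are all constructed for the demo; only git and a POSIX shell are assumed.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit a local Git repository
# for secrets that a later commit "removed" but that remain in history.
# Assumes only git and POSIX sh; the repository is constructed here so the
# script runs offline.

set -eu

# Build a throwaway repo that mirrors the lab: a config file with an admin
# password, followed by a commit that strips it out again.
make_demo_repo() {
    dir=$(mktemp -d)
    (
        cd "$dir"
        git init -q .
        git config user.email "demo@example.invalid"   # constructed identity
        git config user.name "demo"
        # constructed secret; never reuse a real credential in a demo
        printf 'ADMIN_PASSWORD=hunter2-constructed\nDEBUG=false\n' > config.ini
        git add config.ini
        git commit -q -m "Add config"
        printf 'DEBUG=false\n' > config.ini
        git add config.ini
        git commit -q -m "Remove admin password from config"
    )
    echo "$dir"
}

# List commits whose message hints that a secret was removed. Such a commit
# is a strong sign that the secret is still recoverable from its parent.
suspicious_commits() {
    git -C "$1" log --format='%H %s' \
      | grep -iE 'remove|delete|strip' \
      | grep -iE 'password|secret|key|token|credential' || true
}

# For every suspicious commit, show its diff (no commit header) and keep the
# deleted lines that look like credential assignments. Lines starting with
# "---" are diff file headers, so only "-" followed by a non-dash is kept.
leaked_lines() {
    repo=$1
    suspicious_commits "$repo" | while read -r hash _; do
        git -C "$repo" show "$hash" --format= -- . \
          | grep -E '^-[^-]' \
          | grep -iE 'password|secret|key|token' \
          | sed 's/^-//'
    done
}

# Number of credential-looking lines still recoverable from history.
# Anything other than 0 means the secret must be rotated, not just deleted.
count_leaks() {
    leaked_lines "$1" | wc -l | tr -d ' '
}

demo=$(make_demo_repo)
echo "Suspicious commits:"
suspicious_commits "$demo"
echo "Lines still recoverable from history:"
leaked_lines "$demo"
echo "Leak count: $(count_leaks "$demo")"
```

Run it against a real repository by replacing the demo path passed to count_leaks. A non-zero count means the credential is already compromised for anyone who can read the history: rotate it, then rewrite or purge the history if the repository must stay public. Independently of that, the web server should never serve the .git directory at all, which is the misconfiguration this lab relies on.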
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!