Information disclosure
Lab:~# Information disclosure on debug page
Hello,
Here is the write-up for another information disclosure lab. Let’s go through this quickly. This lab features a debug page that reveals sensitive information about the application. To complete the lab, you need to obtain and submit the SECRET_KEY environment variable.
What is information disclosure?
Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users.
End Goals:~#
- Complete the lab
- You need to obtain and submit the SECRET_KEY environment variable.
Steps To Reproduce:~#
- The web application is a shopping site. Start by exploring all its features, as there might not be any obvious issues at first. Then, check the source code for any comments left by the developers.
- It looks like the developer accidentally left a debug page accessible. This is a serious security mistake because the debug page might contain sensitive information that could be exploited.
- Navigate to the page to investigate further.
- To locate the SECRET_KEY, we need to search the debug page for the keyword secret. By examining the contents related to this term, we can find the SECRET_KEY value needed to complete the challenge.
- Submitting the key solves the lab.
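
A defender-side check for the two leaks the steps above rely on, added here as an example and not part of the original write-up: it parses page bodies, reports links left inside HTML comments, and flags environment-variable names such as SECRET_KEY in visible text. The sample pages, the /internal/debug-page path and the regex patterns are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample responses (not taken from the lab): a product page with a
# leftover developer comment, and a debug page that dumps environment variables.
SAMPLE_PAGES = {
    "/product": '<html><body><h1>Shop</h1>'
                '<!-- <a href=/internal/debug-page>Debug</a> -->'
                '<!-- layout v2 --></body></html>',
    "/internal/debug-page": '<table><tr><td>SECRET_KEY</td>'
                            '<td>constructed-value-123</td></tr>'
                            '<tr><td>PATH</td><td>/usr/bin</td></tr></table>',
}

# Assumed patterns; tune them to your own application.
LINK_IN_COMMENT = re.compile(r'(?:href|src)\s*=\s*["\']?([^"\'\s>]+)', re.I)
SENSITIVE_NAME = re.compile(r'\b[A-Z0-9_]*(?:SECRET|PASSWORD|TOKEN|API_KEY)[A-Z0-9_]*\b')


class LeakScanner(HTMLParser):
    """Collects links hidden in HTML comments and sensitive names in visible text."""

    def __init__(self):
        super().__init__()
        self.comment_links = []
        self.sensitive_names = []

    def handle_comment(self, data):
        self.comment_links.extend(LINK_IN_COMMENT.findall(data))

    def handle_data(self, data):
        self.sensitive_names.extend(SENSITIVE_NAME.findall(data))


def scan(pages):
    """Return a sorted list of (path, finding_type, detail) for each leak found."""
    findings = []
    for path, body in pages.items():
        scanner = LeakScanner()
        scanner.feed(body)
        scanner.close()
        findings += [(path, "link-in-comment", u) for u in scanner.comment_links]
        findings += [(path, "sensitive-name", n) for n in set(scanner.sensitive_names)]
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGES):
        print(*finding, sep="\t")
```

Run it over rendered responses from a staging build before release; any finding means a comment or a diagnostic page should be removed or access-restricted before the build ships.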
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!