Information Disclosure
Labs:~# Source code disclosure via backup files
Hey, in this lab, the source code is exposed through backup files located in a hidden directory. To complete the lab, you need to find and submit the database password, which is hard-coded within the leaked source code.
What is information disclosure?
Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users.
End Goals:~#
- Find and submit the database P455W0rd
Steps To Reproduce:~#
- Check all the features and functionality of the application. Be sure to enable your proxy to capture and analyze the requests.
- Since we are looking for backup files, I searched through each request and response, but did not find any results.
- While checking the robots.txt file of the web application, I discovered a path for the backup files. (The robots.txt file is used by websites to tell search engines and other web crawlers which parts of the site they should not visit or index.)
- On the backup page, there is a file that we need to examine thoroughly to locate the database password.
- Checking it, I found the password.
- We solve the lab. Easy, right?
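A defender-side check for the two conditions this lab relies on, added here as an example and not part of the original write-up: robots.txt entries that advertise a sensitive directory, and backup copies left in the web root. The sample robots.txt, the file list, the hint patterns and all function names are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample inputs (not taken from the lab).
ROBOTS_TXT = """\
User-agent: *
Disallow: /backup   # old copies
Disallow: /cart
Allow: /
"""
WEBROOT_FILES = [
    "index.html",
    "backup/Checkout.java.bak",
    "static/app.js",
    "config.php~",
    "db/dump.sql.old",
]

# Assumed heuristics; tune them for your own site.
PATH_HINTS = re.compile(r"(backup|bak|old|archive|dump|private|admin)", re.I)
BACKUP_SUFFIXES = {".bak", ".old", ".orig", ".swp", ".save", ".tmp"}


def disallowed_paths(robots_text):
    """Return every Disallow path, ignoring comments and empty values."""
    paths = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def revealing_entries(robots_text):
    """Disallow entries whose name itself tells a reader where to look."""
    return [p for p in disallowed_paths(robots_text) if PATH_HINTS.search(p)]


def backup_files(files):
    """Files in the web root that look like editor or manual backups."""
    return [name for name in files
            if name.endswith("~")
            or PurePosixPath(name).suffix.lower() in BACKUP_SUFFIXES]


if __name__ == "__main__":
    print("robots.txt reveals:", revealing_entries(ROBOTS_TXT))
    print("backup files in web root:", backup_files(WEBROOT_FILES))
```

Any hit from either function is worth fixing before deployment: robots.txt is public, so it cannot protect a path, and a backup file is served as plain text along with whatever credentials are hard-coded in it.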
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!