Lab: Information disclosure on debug page
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
- With Burp running, browse to the home page.
- Go to the "Target" > "Site Map" tab. Right-click on the top-level entry for the lab and select "Engagement tools" > "Find comments". Notice that the home page contains an HTML comment that contains a link called "Debug". This points to
- In the site map, right-click on the entry for /cgi-bin/phpinfo.php and select "Send to Repeater".
- In Burp Repeater, send the request to retrieve the file. Notice that it reveals various debugging information, including the
- Go back to the lab, click "Submit solution", and enter the SECRET_KEY to solve the lab.
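
A defender-side counterpart to the "Find comments" step, as an added example that is not part of the original lab: a pre-deployment check that parses HTML and flags comments carrying links or debug hints. The function names, the keyword list and the sample page are assumptions made for illustration.

```python
"""Pre-deployment check: flag HTML comments that carry links or debug hints."""
import re
from html.parser import HTMLParser

# Patterns that make a comment worth a reviewer's attention (illustrative list).
HREF_RE = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HINT_RE = re.compile(r"\b(debug|phpinfo|todo|password|secret|key)\b", re.IGNORECASE)


class CommentAuditor(HTMLParser):
    """Collects each HTML comment that contains a link or a hint keyword."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        links = HREF_RE.findall(data)
        hints = sorted({h.lower() for h in HINT_RE.findall(data)})
        if links or hints:
            line, _ = self.getpos()
            self.findings.append({"line": line, "links": links, "hints": hints,
                                  "comment": data.strip()})


def audit_html(html):
    """Return a list of flagged comments found in one HTML document."""
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, modelled on the lab's description of the home page.
SAMPLE_HOME_PAGE = """<html>
<body>
<h1>Shop</h1>
<!-- layout tweak for footer -->
<!-- <a href=/cgi-bin/phpinfo.php>Debug</a> -->
</body>
</html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_HOME_PAGE):
        print(f"line {f['line']}: links={f['links']} hints={f['hints']}")
```

Run over rendered templates or a built site directory in CI, a non-empty result can fail the build before a leftover debug link reaches production.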