Lab: Source code disclosure via backup files

APPRENTICE

This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.

Access the lab

Solution

Browse to /robots.txt and notice that it reveals the existence of a /backup directory. Browse to /backup to find the file ProductTemplate.java.bak. Alternatively, right-click on the lab in the site map and go to "Engagement tools" > "Discover content". Then, launch a content discovery session to discover the /backup directory and its contents.
Browse to /backup/ProductTemplate.java.bak to access the source code.
In the source code, notice that the connection builder contains the hard-coded password for a Postgres database.
Go back to the lab, click "Submit solution", and enter the database password to solve the lab.

Want to track your progress and have a more personalized learning experience? (It's free!)

In this topic

Information disclosure Find and exploit information disclosure

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication Business logic vulnerabilities Web cache poisoning WebSockets Information disclosure

Lab: Source code disclosure via backup files

Solution

In this topic

All topics

Find information disclosure vulnerabilities using Burp Suite