
PortSwigger: Information disclosure in error messages

Information disclosure in error messages

Solution

Open the website: https://0a770039035c112082a567e400dd0009.web-security-academy.net/product?productId=1

GET /product?productId=1 HTTP/2
Host: 0a770039035c112082a567e400dd0009.web-security-academy.net
Cookie: session=0DUG59Yn38jaOgCeibw7LcG3x9cwzJzu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a770039035c112082a567e400dd0009.web-security-academy.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

Change ?productId=1 to ?productId=a (a value the server cannot parse as an integer):

GET /product?productId=a HTTP/2
Host: 0a770039035c112082a567e400dd0009.web-security-academy.net
Cookie: session=0DUG59Yn38jaOgCeibw7LcG3x9cwzJzu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers

Get info about the software from the error response

Software: Apache Struts 2 2.3.31

Response:
HTTP/2 500 Internal Server Error
Content-Length: 1682

Internal Server Error: java.lang.NumberFormatException: For input string: "a"
    at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:67)
    at java.base/java.lang.Integer.parseInt(Integer.java:661)
    at java.base/java.lang.Integer.parseInt(Integer.java:777)
    at lab.c.w.x.y.Z(Unknown Source)
    at lab.o.go.g.z.h(Unknown Source)
    at lab.o.go.i.z.p.E(Unknown Source)
    at lab.o.go.i.e.lambda$handleSubRequest$0(Unknown Source)
    at s.x.s.t.lambda$null$3(Unknown Source)
    at s.x.s.t.N(Unknown Source)
    at s.x.s.t.lambda$uncheckedFunction$4(Unknown Source)
    at java.base/java.util.Optional.map(Optional.java:260)
    at lab.o.go.i.e.y(Unknown Source)
    at lab.server.k.a.n.l(Unknown Source)
    at lab.o.go.v.B(Unknown Source)
    at lab.o.go.v.l(Unknown Source)
    at lab.server.k.a.k.p.B(Unknown Source)
    at lab.server.k.a.k.b.lambda$handle$0(Unknown Source)
    at lab.c.t.z.p.Q(Unknown Source)
    at lab.server.k.a.k.b.Q(Unknown Source)
    at lab.server.k.a.r.V(Unknown Source)
    at s.x.s.t.lambda$null$3(Unknown Source)
    at s.x.s.t.N(Unknown Source)
    at s.x.s.t.lambda$uncheckedFunction$4(Unknown Source)
    at lab.server.gv.B(Unknown Source)
    at lab.server.k.a.r.G(Unknown Source)
    at lab.server.k.w.c.q(Unknown Source)
    at lab.server.k.q.m(Unknown Source)
    at lab.server.k.c.m(Unknown Source)
    at lab.server.gd.F(Unknown Source)
    at lab.server.gd.r(Unknown Source)
    at lab.x.e.lambda$consume$0(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1583)

Apache Struts 2 2.3.31

Solved
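As an added example (not part of the original writeup), a small Python check that flags the three disclosures the response above demonstrates: a Java stack trace, the exception class with its message, and a framework version line. The two sample responses are constructed to mirror the lab's 500 page and a hardened 400 reply; the regexes are my own and assume the version is printed on its own line, as it is here.

```python
import re

# Constructed sample modelled on the lab's 500 response; not a capture from the page.
SAMPLE_RESPONSE = """HTTP/2 500 Internal Server Error
Content-Length: 1682

Internal Server Error: java.lang.NumberFormatException: For input string: "a"
    at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:67)
    at java.base/java.lang.Integer.parseInt(Integer.java:661)
    at lab.c.w.x.y.Z(Unknown Source)
    at java.base/java.lang.Thread.run(Thread.java:1583)

Apache Struts 2 2.3.31
"""

# Constructed sample of what a hardened handler should return for the same input.
SAFE_RESPONSE = """HTTP/2 400 Bad Request
Content-Length: 18

Invalid product ID
"""

# One Java stack frame: "    at pkg.Class.method(File.java:NN)" or "(Unknown Source)".
FRAME_RE = re.compile(r"^[ \t]+at [\w$./]+\([^)]*\)\s*$", re.MULTILINE)
# Fully qualified exception class, optionally followed by ": message".
EXC_RE = re.compile(r"\b((?:[a-z]\w*\.)+[A-Z]\w*(?:Exception|Error))(?::\s*(.*))?")
# Product name plus dotted version on its own line, e.g. "Apache Struts 2 2.3.31".
VERSION_RE = re.compile(r"^(Apache [A-Za-z]+(?: \d)?) (\d+(?:\.\d+)+)\s*$", re.MULTILINE)


def analyze_error_response(raw: str) -> dict:
    """Flag the disclosures this lab relies on: trace, exception detail, version."""
    head, _, body = raw.partition("\n\n")
    status = int(head.splitlines()[0].split()[1])
    frames = FRAME_RE.findall(body)
    exc = EXC_RE.search(body)
    ver = VERSION_RE.search(body)
    checks = (("stack trace", frames), ("exception detail", exc), ("framework version", ver))
    findings = [label for label, hit in checks if hit]
    return {
        "status": status,
        "stack_frames": len(frames),
        "exception": exc.group(1) if exc else None,
        "exception_message": exc.group(2).strip() if exc and exc.group(2) else None,
        "software": f"{ver.group(1)} {ver.group(2)}" if ver else None,
        "findings": findings,
        "disclosure": bool(findings),
    }
```

Run over real captures, a non-empty `findings` list is the signal that a generic error page should replace the verbose one.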