PortSwigger Lab: Information disclosure in error messages
Summary
The PortSwigger Academy offers a lab on information disclosure in error messages for individuals interested in ethical hacking and web security to solve.
This lab focuses on an application’s vulnerability to an error during a recursive file upload, which could lead to an information disclosure.
The first step involves accessing the lab and setting up FoxyProxy with Burp Suite to capture traffic on the browser.
This is followed by manipulating the productId parameter to 52222c5e-43bb-4013-b9b8-768d39869a6e.
Next, this ID is used to upload a file with an invalid extension, resulting in a detailed error message (sensitive information).
This information is then submitted as the solution to complete the lab.
It is important to note that the vulnerabilities demonstrated are specifically for experimental purposes to educate users on spotting such flaws; actual usage could lead to illegal behaviour and unethical hacking.
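The defensive side of the flaw summarised above, as an added example that is not code from the lab or from PortSwigger: a handler that returns its traceback to the client next to one that validates productId, logs the detail server-side and returns only a reference ID. The function names, the catalogue data and the response shape are assumptions made for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("shop")

# Constructed sample catalogue (hypothetical data, not from the lab).
CATALOG = {1: "Widget", 2: "Gadget"}


def lookup(product_id: str) -> str:
    # int() raises ValueError on non-numeric input; dict access raises KeyError.
    return CATALOG[int(product_id)]


def verbose_handler(product_id: str) -> tuple[int, str]:
    """Weak pattern: the raw traceback becomes the response body."""
    try:
        return 200, lookup(product_id)
    except Exception:
        # Leaks exception type, internal function names and file paths.
        return 500, traceback.format_exc()


def hardened_handler(product_id: str) -> tuple[int, str]:
    """Validate first, keep details in the server log, return a generic body."""
    if not (product_id.isascii() and product_id.isdigit()):
        return 400, "Invalid product ID"
    try:
        return 200, lookup(product_id)
    except KeyError:
        return 404, "Product not found"
    except Exception:
        # Anything unexpected: log the full trace under a reference ID the
        # user can quote to support, and disclose nothing else.
        ref = uuid.uuid4().hex
        log.exception("unhandled error ref=%s", ref)
        return 500, f"Internal error (reference {ref})"
```
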