PortSwigger Lab: Information disclosure on debug page
Summary
The PortSwigger Academy Lab requires users to identify and submit a secret key in order to pass.
The secret key is located in a file in the cgi-bin directory of the lab environment, called phpinfo.php.
This file is a tool that displays configuration settings and detailed information about the PHP installation running on the server.
The secret key is located in the “Configuration File (php.ini) Path” section of the page and users need to copy and submit this to pass the lab.
The lab teaches users to identify and exploit an information disclosure vulnerability and is overall a primer on basic web application security testing practices.
Users need to set up FoxyProxy to route the lab’s traffic through Burp Suite, capture and crawl the website, and explore the discovered files to complete the lab.
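The defensive counterpart to this lab is making sure no phpinfo() debug page ships under your own web root. The following is an added example, not part of the lab or the original post: a heuristic audit that walks a document root and reports live phpinfo() calls while skipping commented-out ones. The sample tree is constructed; only the cgi-bin/phpinfo.php path mirrors the lab.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".inc"}
# PHP function names are case-insensitive. The lookbehind skips look-alikes
# such as my_phpinfo(, $phpinfo(, ->phpinfo( and ::phpinfo(.
PHPINFO_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# Heuristic: also cuts at "//" or "#" inside string literals on the same line.
LINE_COMMENT = re.compile(r"(//|#).*")


def find_phpinfo_calls(webroot):
    """Return sorted (relative_path, line_number) pairs for live phpinfo() calls."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        # Blank out block comments but keep their newlines so line numbers hold.
        text = BLOCK_COMMENT.sub(lambda m: "\n" * m.group().count("\n"), text)
        for lineno, line in enumerate(text.splitlines(), start=1):
            if PHPINFO_CALL.search(LINE_COMMENT.sub("", line)):
                hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)


def build_sample_webroot(root):
    """Constructed sample tree: one debug page and two files that must not be flagged."""
    root = Path(root)
    (root / "cgi-bin").mkdir(parents=True)
    (root / "cgi-bin" / "phpinfo.php").write_text("<?php\nphpinfo();\n")
    (root / "index.php").write_text(
        "<?php\n// phpinfo(); left over from setup\necho 'shop';\n")
    (root / "lib.php").write_text(
        "<?php\n/* debug:\nphpinfo();\n*/\n$r->phpinfo();\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno in find_phpinfo_calls(build_sample_webroot(tmp)):
            print(f"{rel}:{lineno}: phpinfo() call reachable from the web root")
```

Any hit is a file to delete before deployment or to place behind access control.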