Information Disclosure - [PortSwigger]

Marmeus

Introduction

This post compiles every apprentice and practitioner lab on the Information Disclosure topic from PortSwigger Academy.

Information disclosure in error messages [Apprentice]

When viewing a product, the request carries a productId parameter whose value is a number. Changing the number to letters produces an error that contains the framework's version.

Information disclosure on debug page [Apprentice]

To pass this lab we need to find a specific comment. It can be found by reviewing the HTML of any page on the site or by using the engagement tools "Discover content" or "Find comments". The path you are looking for is /cgi-bin/phpinfo.php.

Finally, you only have to access that path and look for the "SECRET_KEY" value.

Source code disclosure via backup files [Apprentice]

Looking at /robots.txt, there is a path named /backup.

Looking inside the file, the password can be obtained.

Authentication bypass via information disclosure [Apprentice]

Sending any request to the website with the TRACE method reveals a custom header: X-Custom-IP-Authorization.

The value corresponds to our public IP.

Trying to access the /admin panel returns the message "Admin interface only available to local users".

So, by intercepting the request and adding the X-Custom-IP-Authorization header with the localhost IP, it is possible to bypass the IP filter and delete the user Carlos.
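
The flaw behind this lab, seen from the server side, as an added example that is not part of the original post or the lab's code: an access check that believes the client-supplied X-Custom-IP-Authorization header, next to a hardened check that decides on the connection's peer address. The function names, the proxy address 10.0.0.5 and the assumption that the front-end proxy overwrites the header are all hypothetical.

```python
import ipaddress

HEADER = "X-Custom-IP-Authorization"  # header name taken from the lab
# Assumption: the only front-end proxy we operate, and it overwrites HEADER.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def _get(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return {k.lower(): v for k, v in headers.items()}.get(name.lower(), "")


def _is_loopback(value):
    """True only for a syntactically valid loopback address."""
    try:
        return ipaddress.ip_address(value.strip()).is_loopback
    except ValueError:
        return False


def admin_allowed_vulnerable(headers, peer_ip):
    # Flawed: the header is attacker-controlled input, yet it wins over
    # the address the connection really came from.
    claimed = _get(headers, HEADER) or peer_ip
    return _is_loopback(claimed)


def admin_allowed_hardened(headers, peer_ip):
    # Decide on the TCP peer address. The header is honoured only when the
    # peer is a proxy we run, because only then did we set its value.
    peer = ipaddress.ip_address(peer_ip)
    if peer in TRUSTED_PROXIES:
        return _is_loopback(_get(headers, HEADER))
    return peer.is_loopback


def method_allowed(method):
    # TRACE echoes the request as received, which is how the internal
    # header name leaked in the lab, so it is not on the allow-list.
    return method.upper() in {"GET", "HEAD", "POST"}


# Constructed sample requests: (headers, peer address of the connection)
SPOOFED = ({"x-custom-ip-authorization": "127.0.0.1"}, "203.0.113.7")
LOCAL = ({}, "127.0.0.1")
VIA_PROXY = ({HEADER: "203.0.113.7"}, "10.0.0.5")
```

Real authentication on /admin is still needed; the source-address check only narrows who can reach the login.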

Information disclosure in version control history [Practitioner]

There is a .git repository.

You can use git-dumper to download the git repository.

Then, look at the commits.

Because there is nothing in the current version, let's check out the first commit.

After that, you can retrieve the Administrator's password to access the admin panel.