labs
Lab - 1: Information disclosure in error messages
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
try SQLi at
/product?productId=1'and found an error message
Lab - 2: Information disclosure on debug page
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
found an end point that show phpinfo at
/cgi-bin/phpinfo.phpsearch SECRET_KEY from that page
Lab - 3: Source code disclosure via backup files
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
found backup directory at
/backup/ProductTemplate.java.bak
Lab - 4: Authentication bypass via information disclosure
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
To solve the lab, obtain the header name then use it to bypass the lab's authentication. Access the admin interface and delete Carlos's account.
You can log in to your own account using the following credentials: wiener:peter
/adminroute is not allowedsend the request with
TRACE /adminand the response containsX-Custom-IP-Authorizationheader containing your IP addressProxy > Options > Match and Replace > Add > Type: "Request header", Replace: "X-Custom-IP-Authorization: 127.0.0.1"
Then send request to
/adminroute from the browser
Lab - 5: Information disclosure in version control history
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete Carlos's account.
at
/.gitpath, there is a git folder
Last updated