Information disclosure in error messages
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-error-messages
Last updated
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-error-messages
Last updated
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
the idea is to generate and error, than we try to inject something with a SQLi:
and obtaining an error by Apache Struts 2 2.3.31 we've discovered the vs number of this framework.
Checking into page source code there're not of interesting, so click to one of products shop:
