Information disclosure in error messages
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-error-messages
Description
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
Solution

Checking into page source code there're not of interesting, so click to one of products shop: https://0a6c00fe03599c7f8a11a3f700100029.web-security-academy.net/product?productId=1
the idea is to generate and error, than we try to inject something with a SQLi:

and obtaining an error by Apache Struts 2 2.3.31 we've discovered the vs number of this framework.

Last updated