Information disclosure on debug page
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-on-debug-page
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
Searching the page source (CTRL+U) for the word 'debug', we found this information disclosure in the comments, with a link to this configuration page: /cgi-bin/phpinfo.php
Appending it to the original URL () gives us the PHP version and all the other configuration data (in our case, the 'SECRET_KEY').