Source code disclosure via backup files
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files
Last updated
https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files
Last updated
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
Checking source code page (CTRL+U) and discovering others pages there're not of interesting, so the idea is to try to guess a potential backup page (eg. git, backup).
In this case i was lucky, because the correct directory path was backup: https://0a5400e703e5812285d9c2ef009700ba.web-security-academy.net/backup
with the relative file .bak called: ProductTemplate.java.bak that contain a java package with relative DB information and the password/answer that we need to solve the lab.