
Project/Program

[bug bounty] Lab: Information disclosure on debug page

choideu 2023. 9. 17. 14:28

URL

- https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-on-debug-page
  Lab: Information disclosure on debug page | Web Security Academy. This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment ...

- https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files
  Lab: Source code disclosure via backup files | Web Security Academy. This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in ...

 


1. Download path for common.txt (the wordlist used for content discovery)

https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt

 

2. feroxbuster documentation

https://epi052.github.io/feroxbuster-docs/

feroxbuster: a fast, simple, recursive content discovery tool written in Rust.

Install on Kali:

sudo apt update && sudo apt install -y feroxbuster

 

3. Sending a file from Windows to Kali

scp <file path> <kali user>@<kali ip>:<destination path on kali>

 

4. Using feroxbuster

feroxbuster -u <url> -w <wordlist>

 

5. Checking the feroxbuster results

Go to the URL that feroxbuster reported.

Confirm that the phpinfo.php file is there.

 

6. Checking phpinfo.php

phpinfo.php

In the PHP Variables section of that page, find the value that looks like the secret key (the lab's SECRET_KEY environment variable).
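Once a debug page like phpinfo.php has been found, the question for whoever owns the site is exactly which variables it exposes. The following added example (mine, not PortSwigger's or feroxbuster's code) parses a phpinfo-style HTML table from a constructed sample and reports the variables whose names look like secrets, so an operator can triage an exposed debug page quickly; the name regex and the sample rows are assumptions.

```python
import re
from html.parser import HTMLParser

# Variable names that usually hold credentials (assumption: tune for your environment).
SECRET_NAME_RE = re.compile(r"SECRET|KEY|TOKEN|PASSW(OR)?D", re.IGNORECASE)


class PhpInfoTableParser(HTMLParser):
    """Collect (name, value) pairs from two-cell <tr><td>name</td><td>value</td></tr>
    rows, the layout phpinfo() uses for its 'PHP Variables' section."""

    def __init__(self):
        super().__init__()
        self.rows = []       # finished (name, value) pairs
        self._cells = None   # cells of the <tr> being read; None outside a row
        self._buf = None     # text fragments of the <td> being read

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._cells = []
        elif tag == "td" and self._cells is not None:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._buf is not None:
            self._cells.append("".join(self._buf).strip())
            self._buf = None
        elif tag == "tr" and self._cells is not None:
            if len(self._cells) == 2:  # header rows use <th>, so they are skipped
                self.rows.append(tuple(self._cells))
            self._cells = None


def find_leaked_secrets(html):
    """Return {variable name: value} for every row whose name matches SECRET_NAME_RE."""
    parser = PhpInfoTableParser()
    parser.feed(html)
    return {n: v for n, v in parser.rows if SECRET_NAME_RE.search(n)}


# Constructed sample mimicking the 'PHP Variables' table of a phpinfo() page (not real data).
SAMPLE_PHPINFO = """<table>
<tr class="h"><th>Variable</th><th>Value</th></tr>
<tr><td class="e">$_SERVER['DOCUMENT_ROOT']</td><td class="v">/var/www/html</td></tr>
<tr><td class="e">$_SERVER['SECRET_KEY']</td><td class="v">constructed-sample-secret</td></tr>
<tr><td class="e">$_ENV['DB_PASSWORD']</td><td class="v">constructed-db-pass</td></tr>
</table>"""
```

Running find_leaked_secrets on a saved copy of the page lists the rows worth rotating; anything it reports is a credential that should be moved out of the web server's environment and the debug page removed from production.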

 
