4.9. Web info disclosure: debug page (Web Security Academy)
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
So it seems that we have to find a debug page that reveals sensitive information about the application.
We can first check /robots.txt:
But we didn't find anything important there.
So I'll try to guess which directory contains the debug page.
We will need a tool that helps us guess, and also a large set of candidate names. We will use the feroxbuster tool, and the wordlist we will use for guessing is https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt. You can download the feroxbuster tool from here: https://github.com/epi052/feroxbuster
feroxbuster -u "https://0a6d00b6036d1771808a99a1006a0080.web-security-academy.net/" -w /home/as/Desktop/fuzz.txt
Here's what each part means:
- feroxbuster: the command to run FeroxBuster.
- -u "https://0a6d00b6036d1771808a99a1006a0080.web-security-academy.net/": specifies the target URL to scan. In this case it is https://0a6d00b6036d1771808a99a1006a0080.web-security-academy.net/, the lab's web server on Web Security Academy.
- -w /home/as/Desktop/fuzz.txt: specifies the wordlist to use for directory and file discovery. It points to /home/as/Desktop/fuzz.txt, the list of names FeroxBuster will try in order to discover directories and files on the target website.
In summary, this command tells FeroxBuster to scan the specified URL using the wordlist provided in fuzz.txt to discover directories and files on the target web server. This can be useful for security testing purposes to identify hidden or potentially vulnerable areas of a website.
Finally we found the directory; let's look at it:
We found a file that looks interesting:
Here is the debug page. You can search the page for the word “SECRET_KEY” and submit the key to finish the lab. However, I solved this lab in another way; you can follow the trick if you want to benefit.
We can also look at the site's source code; there may be more to find there.
There was an HTML comment containing a link to the “phpinfo.php” page, which displays information about the PHP configuration. The link was most likely placed in a comment for security reasons, to prevent unauthorized access to sensitive server information, but an HTML comment is still sent to the browser, so anyone who views the source can read it.
Since we found the debug page, we can now search it for SECRET_KEY:
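As an added example (not code from the original post or from the lab), here is a small Python check a defender could run against their own pages to catch both disclosures described above: a debug-page link left inside an HTML comment, and a phpinfo()-style table that exposes SECRET_KEY. The sample HTML, the directory name and the values are constructed placeholders.

```python
"""Offline check for the two disclosures this walkthrough relies on:
a debug-page link hidden in an HTML comment, and a phpinfo()-style
environment table that exposes a secret. Added example, not lab code;
all HTML and values below are constructed placeholders."""
import re
from html.parser import HTMLParser

# Variable names that should never appear on a publicly reachable page.
SENSITIVE = re.compile(r"SECRET|KEY|TOKEN|PASSWORD|PASSWD", re.I)

class CommentLinkFinder(HTMLParser):
    """Collects href values that appear only inside <!-- --> comments."""
    def __init__(self):
        super().__init__()
        self.hidden_links = []

    def handle_comment(self, data):
        # A commented-out tag is still delivered to every client, so
        # anything it links to must be treated as publicly reachable.
        self.hidden_links += re.findall(r'href=["\']([^"\']+)["\']', data)

def hidden_links(html):
    parser = CommentLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hidden_links

def exposed_env(html):
    """Return {name: value} for rows whose variable name looks sensitive.
    phpinfo() renders entries as <td class="e">NAME</td><td class="v">VALUE</td>."""
    rows = re.findall(r'<td class="e">\s*([^<]+?)\s*</td>\s*<td class="v">\s*([^<]*?)\s*</td>', html)
    return {name: value for name, value in rows if SENSITIVE.search(name)}

def audit(index_html, debug_html):
    """Combine both checks into a list of human-readable findings."""
    findings = [f"link hidden in HTML comment: {link}" for link in hidden_links(index_html)]
    findings += [f"sensitive variable exposed: {n}={v}" for n, v in exposed_env(debug_html).items()]
    return findings

# Constructed sample pages; the directory name and values are placeholders.
INDEX_HTML = """<html><body><a href="/">Home</a>
<!-- <a href="/debug-dir-placeholder/phpinfo.php">Debug</a> -->
</body></html>"""
PHPINFO_HTML = """<table>
<tr><td class="e">PATH</td><td class="v">/usr/bin</td></tr>
<tr><td class="e">SECRET_KEY</td><td class="v">example-secret-placeholder</td></tr>
<tr><td class="e">DB_PASSWORD</td><td class="v">example-pw-placeholder</td></tr>
</table>"""

if __name__ == "__main__":
    for finding in audit(INDEX_HTML, PHPINFO_HTML):
        print("[!]", finding)
```

Point `hidden_links` at your own index page and `exposed_env` at any phpinfo or debug endpoint you find, and treat every finding as a page that should be removed or access-controlled.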
This time I will solve the entire lab using Burp:
When you proxy your browser through Burp and go to the “Target” tab, you will find the same directory we found by guessing with the wordlist, and inside it the debug page:
Right-click this GET request and choose “Send to Repeater”, then send the request, and you will see the debug page again:
You will find the answer like this, so we search the response for “SECRET_KEY”:
Congratulations on getting what you want for the second time.
See you soon in other reports….!!
Abdelwahab_Shandy
AS_Cyber