Information disclosure on debug page

Description

This lab contains a debug page that discloses sensitive information about the application.

Reproduction and proof of concept

  1. With Burp running, browse to the home page.

  2. Go to the Target -> Site Map tab. Right-click on the top-level entry for the lab and select Engagement tools -> Find comments. The home page contains an HTML comment that contains a link called Debug. This points to /cgi-bin/phpinfo.php.

Information disclosure

  1. In the site map, right-click on the entry for /cgi-bin/phpinfo.php and select Send to Repeater.

  2. In Burp Repeater, send the request to retrieve the file. It reveals debugging information, including the SECRET_KEY environment variable.

  3. Go back to the lab, click Submit solution, and enter the SECRET_KEY to solve the lab.

Exploitability

An attacker will need to obtain and submit the SECRET_KEY environment variable.