Information disclosure on debug page

This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.

The initial step involves inspecting the source code of the home page, accomplished either by utilizing the shortcut CTRL + U or by employing the default developer tools within the browser. During this investigation, a noteworthy comment was discovered:

<!-- <a href=/cgi-bin/phpinfo.php>Debug</a> -->

Promptly intrigued, I navigated to the indicated page, which turned out to be the output of the phpinfo function. This page inadvertently disclosed a plethora of information, including the coveted SECRET_KEY. Your task now is to extract and submit this key to successfully solve the lab.

PreviousInformation disclosure in error messages NextSource code disclosure via backup files

Last updated 1 year ago