By | November 25, 2020

In this article we explain what an information disclosure vulnerability is and how to find one.

Everything is shown practically: we explain what the vulnerability is and then solve two PortSwigger labs.

What you see when solving these labs also happens on real websites; if you find an information disclosure vulnerability on a website, you can earn a bounty.

Note – This article is for educational purposes only. Don't misuse your knowledge and skills.

What is an Information Disclosure Vulnerability?

An information disclosure vulnerability is also known as an information leakage vulnerability, because when this bug is present in a website, an ordinary user can obtain sensitive information about the website.

In simple terms, this bug causes a website to leak information, such as usernames.

Working through it practically shows you what kind of information a website can expose because of an information disclosure vulnerability, so here we solve two labs.

You can solve the other information disclosure labs in the same way; as mentioned earlier, there is a lot to learn on the PortSwigger website.

https://portswigger.net/web-security/information-disclosure

How to find an Information Disclosure Vulnerability?

Here we solve two of the information disclosure labs. There are five labs in total, and each one comes with a solution.

Information disclosure in error messages

Before solving any of the labs, start Burp Suite and keep intercept off. Basic Burp Suite usage is not covered here because it was explained in earlier articles.

First we solve the lab on information disclosure in error messages. When you open the lab, you see a page like the one in the image.

From here, access the lab; the lab page then opens as shown in the image. Burp Suite must already be running before you do this.

Open any product. Once you do, its URL appears in Burp Suite and you can continue; if you skip this step, you will not get the URL containing the product ID.

The URL now appears in the HTTP history of the Proxy tab, as shown in the image. It contains the product ID; send this request to Repeater.

In Repeater, remove the numeric product ID and replace it with a string, which triggers an error message. Here we used the name of the item.

When you send the request, the response shows some hidden information. Real websites can leak information in the same way.

Finally, click Submit solution and enter the code you obtained while solving this lab; the lab is then solved.

As shown in the image, a message confirms that the lab is solved; you get a congratulations message like this for every lab you solve.
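
The behaviour this lab relies on, and its fix, as an added example that is not part of the original article or the lab's code: a handler that returns the raw exception to the client, beside one that validates the product ID and keeps the details in the server log. The catalogue, handler names and framework banner are constructed for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("shop")
CATALOGUE = {1: "Widget", 2: "Gadget"}        # constructed sample data
FRAMEWORK_BANNER = "ExampleFramework 1.0.0"   # constructed placeholder, not a real product


def load_product(product_id):
    # int() raises ValueError for a non-numeric ID, the dict raises KeyError for an unknown one.
    return CATALOGUE[int(product_id)]


def vulnerable_handler(product_id):
    """Returns the exception details to the client, as the lab application does."""
    try:
        return 200, load_product(product_id)
    except Exception:
        # Stack trace and version banner go straight into the response body.
        return 500, traceback.format_exc() + FRAMEWORK_BANNER


def hardened_handler(product_id):
    """Validates the ID first; error details stay in the server log."""
    if not (product_id.isascii() and product_id.isdigit() and len(product_id) <= 9):
        return 400, "Invalid product ID"
    try:
        return 200, load_product(product_id)
    except KeyError:
        return 404, "Product not found"
    except Exception:
        # Unexpected failure: log the trace under a reference the client can quote.
        incident = uuid.uuid4().hex[:8]
        log.exception("product lookup failed, incident=%s", incident)
        return 500, f"Something went wrong (reference {incident})"


if __name__ == "__main__":
    for pid in ("1", "abc"):
        print(pid, vulnerable_handler(pid))
        print(pid, hardened_handler(pid))
```
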

Information disclosure on debug page

An information disclosure vulnerability can also be found through a debug page. We solve this lab here as well; apart from these, there are other labs that you can try yourself.

First run Burp Suite as we did earlier, then access the lab. Once the lab is open, its URL appears in Burp Suite.

As shown in the image, the URL appears in the site map in Burp Suite. Find the phpinfo.php file there and send it to Repeater.

In Repeater, send the request. The response contains a secret key, as shown in the image. Finding this secret key solves the lab.

Click Submit solution and enter the secret key; you will then see that the lab has been solved.

Just as with the information disclosure in error messages lab, you get a congratulations message on solving this lab.
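
A defender can check for this exposure from the other side. The following is an added example, not part of the original article: it audits captured HTTP responses for a publicly reachable phpinfo() page and reports the names, never the values, of secret-looking variables it exposes. The sample responses, paths and PHP version are constructed.

```python
import re

# Strings that appear in phpinfo() output (page title and version heading).
PHPINFO_MARKERS = ("phpinfo()", "PHP Version")
# Variable names that suggest a credential; only the name is ever reported.
SECRET_NAME = re.compile(r"\b[A-Z0-9_]*(?:SECRET|PASSWORD|TOKEN|API_KEY)[A-Z0-9_]*\b")


def audit_response(path, status, body):
    """Return findings for one response; an empty list means nothing was flagged."""
    findings = []
    if status != 200:
        return findings
    if all(marker in body for marker in PHPINFO_MARKERS):
        findings.append(f"{path}: phpinfo() debug page is publicly reachable")
        for name in sorted(set(SECRET_NAME.findall(body))):
            findings.append(f"{path}: exposes environment variable {name}")
    return findings


def audit_all(responses):
    return [finding for resp in responses for finding in audit_response(*resp)]


# Constructed sample responses: (path, status, body).
SAMPLE_RESPONSES = [
    ("/phpinfo.php", 200,
     '<title>PHP 7.4.3 - phpinfo()</title><h1 class="p">PHP Version 7.4.3</h1>'
     '<tr><td class="e">SECRET_KEY </td><td class="v">REDACTED-PLACEHOLDER </td></tr>'),
    ("/product?productId=1", 200, "<h1>Widget</h1>"),
    ("/phpinfo.php.bak", 404, "Not Found"),
]

if __name__ == "__main__":
    for line in audit_all(SAMPLE_RESPONSES):
        print(line)
```
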

The Conclusion

I hope you now understand information disclosure vulnerabilities. We explained them by solving two labs here; you can see the solutions to the information disclosure labs as well.

We want to make one thing clear: you will not always find an information disclosure vulnerability, or any other kind of bug, exactly the way it is shown here. To do bug bounty you have to think outside the box.

Solving labs like these teaches you something new each time; for example, you learn that cross-site scripting or SQL injection attacks do not happen in only one way.

If you want to do bug bounty, try to solve all the labs by yourself. Your skills improve, and you gain confidence from having solved the labs without being taught the solution.

If you have any problem related to information disclosure vulnerabilities or with solving other labs, ask in the comments and we will help you.

If you like this article, please share it, and subscribe to our blog to get notifications of our articles.

Sharing is Caring

Thank you
