📄️ Lab 1 - Info Disclosure in Error Message
Step-by-step PortSwigger lab showing how verbose error messages can leak third-party framework versions; trigger with an invalid productid to extract the version.
📄️ Lab 2 - Info Disclosure via Debug Page
Step-by-step PortSwigger lab demonstrating how a publicly accessible debug page can leak secrets — find the debug endpoint from source comments and extract the SECRET_KEY.
📄️ Lab 3 - Source Code Backup Leak
Step-by-step PortSwigger lab demonstrating how exposed backup files can leak source code and reveal hardcoded database credentials — find /backup/, read the file, extract DB password.
📄️ Lab 4 - Auth Bypass via Info Disclosure
Step-by-step PortSwigger lab demonstrating how the HTTP TRACE method can leak internal authentication headers, allowing access to the admin panel and deletion of sensitive users. Explains exploitation using the X-Custom-IP-Authorization header.
📄️ Lab 5 - Info Disclosure via Git
Step-by-step PortSwigger lab demonstrating how a publicly exposed .git folder can leak sensitive information, including hardcoded administrator passwords, enabling unauthorized access and deletion of users.