Discovering database login credentials on the PortSwigger site:
Lab: Source code disclosure via backup files
- Most websites serve a robots.txt file that tells search-engine crawlers which paths they may and may not index. It is advisory only: nothing enforces it, so a Disallow line is a hint to a tester about what the site owner wanted kept out of sight.
- Append /robots.txt to the site's URL and read the file for such leads.
- In this lab the file contains:
  User-agent: *
  Disallow: /backup
  meaning that no crawler should index the /backup directory. Crawlers are asked to stay out, but anyone who requests the path directly is still served it.
- Next, append /backup to the URL and see whether the server lists the directory or serves anything from it.
- Here the directory listing shows a file named ProductTemplate.java.bak.
- Opening it shows Java source code: a backup copy of one of the application's own files.
- In the code, a ConnectionBuilder sets up the PostgreSQL connection with the driver, host, port, database name, username and password written in as plain string literals.
- The database password is therefore readable directly in the file.
- This is an information disclosure vulnerability: the leaked source hands us working credentials for the database, and that password is what the lab asks you to submit.
- So the first approach on any target is to look for leads in /robots.txt: paths the owner asks crawlers to skip are often exactly the ones worth visiting, and any source file found there is worth retrying with common backup suffixes (.bak, .old, ~, editor swap files).
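The three steps above (read robots.txt, derive backup-file names to probe, extract connection details from a leaked Java file) as one offline script. This is an added example, not code from the lab or from PortSwigger: the robots.txt text and the Java fragment are constructed stand-ins for the lab's real files, and the username, password and JDBC URL in them are invented. The helper names (parse_disallow, backup_candidates, extract_credentials, parse_jdbc_url) are this example's own.

```python
"""Offline walkthrough of the three steps above: read robots.txt for
disallowed paths, derive backup-file names to probe, and pull database
connection details out of a leaked Java source file."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample robots.txt (not the lab's real file).
SAMPLE_ROBOTS = """User-agent: Googlebot
Disallow: /private

User-agent: *
Disallow: /backup
Disallow: /admin/
"""

# Constructed Java fragment standing in for ProductTemplate.java.bak;
# the connection style, names and password are invented for this example.
CONSTRUCTED_BAK = '''
package data.productcatalog;

import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class ProductTemplate {
    private static final String DB_URL = "jdbc:postgresql://localhost:5432/catalog";

    static Connection connect() throws Exception {
        Properties props = new Properties();
        props.setProperty("user", "catalog_app");
        props.setProperty("password", "Example-Pass-Not-Real-123");
        return DriverManager.getConnection(DB_URL, props);
    }
}
'''

def parse_disallow(robots_txt: str, agent: str = "*") -> List[str]:
    """Return the Disallow paths in the group addressed to `agent`.

    A group is one or more User-agent lines followed by rule lines; a new
    User-agent line after rules starts the next group. Disallow only asks
    crawlers to stay away, which is exactly why it is a map for testers."""
    groups: List[tuple] = []
    agents: List[str] = []
    rules: List[str] = []
    in_rules = False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if in_rules:                          # previous group is complete
                groups.append((agents, rules))
                agents, rules, in_rules = [], [], False
            agents.append(value.lower())
        elif key in ("disallow", "allow", "crawl-delay"):
            in_rules = True
            if key == "disallow" and value:
                rules.append(value)
    groups.append((agents, rules))
    return [p for ag, rl in groups if agent.lower() in ag for p in rl]

BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".tmp", "~")

def backup_candidates(path: str) -> List[str]:
    """Filenames editors, deploy scripts and humans leave beside a source file."""
    directory, _, name = path.rpartition("/")
    prefix = directory + "/" if directory or path.startswith("/") else ""
    candidates = [prefix + name + suffix for suffix in BACKUP_SUFFIXES]
    candidates.append(prefix + "." + name + ".swp")   # vim swap file
    candidates.append(prefix + "#" + name + "#")      # emacs autosave
    return candidates

JDBC_URL_RE = re.compile(r'"(jdbc:[a-z0-9]+:[^"]+)"')
# user/password given as a string literal after ',' '=' '(' or ':' covers
# setProperty("password", "..."), String password = "..." and .password("...")
CRED_RE = re.compile(r'(?i)\b(user(?:name)?|password|passwd|pwd)"?\s*[,=(:]\s*"([^"]*)"')

def extract_credentials(source: str) -> Dict[str, object]:
    """Pull JDBC URLs and user/password string literals out of Java source."""
    found: Dict[str, object] = {"jdbc_urls": JDBC_URL_RE.findall(source)}
    for key, value in CRED_RE.findall(source):
        key = "user" if key.lower() in ("user", "username") else "password"
        found.setdefault(key, value)                 # keep the first hit per key
    return found

def parse_jdbc_url(url: str) -> Optional[Dict[str, object]]:
    """Split jdbc:<driver>://host:port/db into parts (None if not URL-shaped)."""
    if not url.startswith("jdbc:"):
        return None
    parsed = urlparse(url[len("jdbc:"):])
    if not parsed.hostname:
        return None
    return {"driver": parsed.scheme, "host": parsed.hostname,
            "port": parsed.port, "database": parsed.path.lstrip("/")}

def run_offline(base: str = "https://example.invalid") -> Dict[str, object]:
    """Chain the steps against the constructed samples; no network is used."""
    disallowed = parse_disallow(SAMPLE_ROBOTS)
    # In the lab the directory listing hands you the file name; here it is assumed.
    probes = [base + p for p in backup_candidates(disallowed[0] + "/ProductTemplate.java")]
    creds = extract_credentials(CONSTRUCTED_BAK)
    creds["connection"] = parse_jdbc_url(creds["jdbc_urls"][0])
    creds["probes"] = probes
    return creds

if __name__ == "__main__":
    import json
    print(json.dumps(run_offline(), indent=2))
```

Against a live target you would replace the two constructed strings with the bodies fetched from /robots.txt and from each candidate path; the credential regex is deliberately loose because backup files come from many frameworks, so review every hit by hand rather than trusting the first match.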