Information disclosure on debug page

PortSwigger lab solution (without using Burp Suite)

  • Start the lab (click ACCESS THE LAB)
  • A new page will open
  • Open the view-source page (Ctrl+U)
  • Search for the HTML comment (Ctrl+F, then search for '<!--' or 'Debug')
  • Append the path from that comment, '/cgi-bin/phpinfo.php', to the URL, then press Enter
  • A PHP page will appear with a lot of information
  • Press Ctrl+F and search for 'secret key'; that will be the answer
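
A check a site owner could run over rendered pages before deployment, so that a comment like the one found in the steps above never ships. This is an added example, not part of the original write-up; the keyword list, the `audit_html` name and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list; extend it to match your own debug tooling.
DEBUG_HINTS = re.compile(r"debug|phpinfo|cgi-bin", re.IGNORECASE)
# Path-like tokens inside a comment: href/src values or bare /paths
# (the "<" in the lookbehind skips closing tags such as </a>).
PATH_RE = re.compile(
    r"""(?:href|src)\s*=\s*["']?([^"'\s>]+)|(?<![\w.:/<])(/[\w./-]+)""",
    re.IGNORECASE,
)


class CommentAuditor(HTMLParser):
    """Collects HTML comments that mention debug-style content."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line_number, comment_text, [paths])

    def handle_comment(self, data):
        if not DEBUG_HINTS.search(data):
            return  # ordinary comment, nothing to report
        paths = [a or b for a, b in PATH_RE.findall(data)]
        line, _ = self.getpos()
        self.findings.append((line, data.strip(), paths))


def audit_html(html):
    """Return every debug-looking comment found in the given HTML."""
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one leftover debug link, one harmless comment.
SAMPLE_PAGE = """<html>
<body>
<h1>Shop</h1>
<!-- <a href=/cgi-bin/phpinfo.php>Debug</a> -->
<!-- TODO: tidy the footer -->
</body>
</html>"""

if __name__ == "__main__":
    for line, text, paths in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {text!r} -> paths {paths}")
```

Any finding means the comment should be stripped from the template and the referenced page removed or access-restricted in production.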