June 20, 2026
PortSwigger: Information Disclosure ( on debug page)
Information Disclosure is a vulnerability where a web application accidentally reveals sensitive information to its users.
Salsabela Maharany
1 min read
Lab 3: Information disclosure on debug page
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
On the lab main page, open Page Source with Ctrl+U,search for the word debug with Ctrl+F → found an HTML comment:
<!-- <a href=/cgi-bin/phpinfo.php>Debug</a> --><!-- <a href=/cgi-bin/phpinfo.php>Debug</a> -->Copy and access URL /cgi-bin/phpinfo.php
The phpinfo page will open then look for the word SECRET_KEY and copy it
Then paste it in submit solution, and lab will be solved.
