There is an essential thing in writing a code, whenever comment in the code is not deleted. There can be disastrous event, especially, if comment was really critical. This challange will showcase this vulnerability.

After we start the lab, it gives us a link "https://lab.hdna.me/4-secrets-in-source" that directs towards the web page. In this page, we can see the source code by pressing the "Ctrl + U" via personal computer. After pressing, we will see the source code and at the bottom we can see the comment like:

<!-- TODO: move the flag "/anwvdzqtcucr/flag.txt" in a more secure location -->

as seen, the commend directs us to the "/anwvdzqtcucr/flag.txt" sub domain. So, the flag can be found by adding the sub domain what we found to the real URL that HackerDNA gave us previously.