June 19, 2026
Information Disclosure: When a Website Leaks Its Own Secrets (Lab 2)
Information Disclosure is a vulnerability where a web application accidentally reveals sensitive information to its users.
maharany salsa
1 min read
Lab 2: Information disclosure in error messages
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
Open the web and create an error trigger. The easiest way is to click on one of the products and notice the URL, then change the productId value to productId=abc.
Check out the HTTP error response it generates, the server will show an error message containing the framework name along with its specific version number (Apache Struts 2 2.3.31).
Copy that framework version and then paste it in submit solution.
