Information disclosure is a security vulnerability in which a system or application unintentionally exposes sensitive or internal information to users who are not meant to see it.

Hey my dear reader…

This lab from the PortSwigger Web Security Academy demonstrates how sensitive application source code can be exposed through improperly stored backup files. Developers sometimes create backup copies of files before making changes. If these backups are accidentally uploaded to a production server and remain publicly accessible, attackers may be able to download them and analyze the application's source code.

This can lead to information disclosure vulnerabilities.

[Image: Find Here]

Source code disclosure occurs when attackers gain access to the underlying code of a web application.

This may reveal:

  • Application logic
  • Database queries
  • Hardcoded credentials
  • API keys
  • Security weaknesses

Even if the application itself is secure, exposing the source code significantly increases the attack surface.

[Image: using feroxbuster]


We are using feroxbuster here. You can use other tools if you want, but remember that our main task is to check whether any information is being leaked.


This lab leaked its source code via a backup file in a hidden directory. In that source code we found the database password. It is hard-coded in the code, which is very risky.

[Image: We found a password from the database]
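The defensive counterpart to this lab, as an added example that is not part of the original write-up: a pre-deployment check that walks a web root for stray backup copies and flags hard-coded credentials inside them. The suffix list, the regex heuristic and the sample tree (including the file name `Product.java.bak`) are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Suffixes commonly left by editors and manual copies (assumed list; extend for your stack).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", "~")
# Assumed heuristic: a credential-like name assigned a quoted literal.
SECRET_RE = re.compile(
    r"""(?i)(pass(?:word|wd)?|secret|api[_-]?key|token)\w*\s*[:=]\s*["'][^"']{4,}["']""")

def find_backup_files(web_root):
    """Return sorted paths (relative to web_root) that look like backup copies."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower().endswith(BACKUP_SUFFIXES):
                hits.append(os.path.relpath(os.path.join(dirpath, name), web_root))
    return sorted(hits)

def find_hardcoded_secrets(path):
    """Return (line_number, matched_keyword) pairs; the secret value is never returned."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            match = SECRET_RE.search(line)
            if match:
                findings.append((lineno, match.group(1).lower()))
    return findings

def audit(web_root):
    """Map every backup file under web_root to the credential findings inside it."""
    return {rel: find_hardcoded_secrets(os.path.join(web_root, rel))
            for rel in find_backup_files(web_root)}

def build_sample_root():
    """Constructed sample: one live page plus a stray backup holding a fake secret."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "backup"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>shop</h1>\n")
    with open(os.path.join(root, "backup", "Product.java.bak"), "w") as fh:
        fh.write('class Product {\n  String dbPassword = "example-not-a-real-secret";\n}\n')
    return root

if __name__ == "__main__":
    for rel, findings in audit(build_sample_root()).items():
        print(rel, findings)  # a non-empty result should fail the deployment
```

Run against the build output before it is published; any backup file it reports should be removed from the web root, and any credential it flags should be moved out of source code and rotated.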
Follow me to learn more……..