JESS' SECURITY QUEST
OWASP TOP 10 View Guide
Easy 150 Points Debug Endpoints
Challenge Description

Development and debug endpoints are often left enabled in production environments. These endpoints can expose sensitive information like environment variables, configuration, database credentials, and even heap dumps containing passwords.

Objective: Discover and access debug endpoints to find the hidden flag. The flag format is FLAG{...}
Endpoint Explorer

Try accessing different endpoints. Many frameworks expose debug endpoints at predictable paths.

https://target.com
Quick access (common debug endpoints):
Discovered Endpoints

Click "Show All Known" to reveal the endpoint list, or discover them yourself!

Your Access Log

No requests made yet.

Submit Flag
Hints -10% per hint
Hints revealed: 0 / 5
Score penalty: 0%
Common Debug Paths

Common paths attackers check:

  • /debug/ - Generic debug info
  • /actuator/ - Spring Boot
  • /elmah.axd - ASP.NET errors
  • /phpinfo.php - PHP info
  • /.env - Environment file
  • /server-status - Apache status
  • /api/internal/ - Internal APIs
Learning Resources
An error has occurred. This application may no longer respond until reloaded. Reload Dismiss