Information Disclosure (Medium, 200 Points)
Challenge Description
Applications often leak sensitive information through verbose error messages, response headers, and different behaviors. This can include database credentials, internal IP addresses, stack traces, and even API keys.
Objective: Extract sensitive information from error messages and headers to find the hidden flag. The flag format is FLAG{...}.
Error Trigger
Trigger different types of errors to see what information is leaked.
Response Headers
HTTP response headers often leak version information and internal details.
User Enumeration
Password reset functionality often reveals whether a user exists.
Hints
-10% per hint
What to Look For
- Stack traces reveal internal paths and code structure
- Connection strings may include credentials
- Server headers expose version information
- Different error messages for valid vs invalid users
- Internal IPs reveal network topology
- API keys embedded in error details
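The points in this list are easiest to see side by side with the code that causes them and the code that fixes them. The following is an added example, not part of the challenge page or its target application: a toy password-reset handler in a leaky and a uniform version, a catch-all error handler in a leaky and a safe version, and a header filter. The user addresses, the connection string with its placeholder password, and the header values are all constructed for the example.

```python
# Added example (not code from the challenge): information-disclosure
# patterns from the checklist, each next to its hardened counterpart.
import logging
import traceback

log = logging.getLogger("example")

# Constructed sample user store; addresses are placeholders.
KNOWN_USERS = {"alice@example.com", "bob@example.com"}

GENERIC_RESET_MESSAGE = (
    "If an account exists for that address, a reset link has been sent."
)

# Headers that typically carry server/framework version strings.
VERSION_HEADERS = {"Server", "X-Powered-By", "X-AspNet-Version"}


def send_reset_link(email: str) -> None:
    """Stand-in for the mail call; the response, not the mail, is the point."""
    return None


def reset_password_leaky(email: str) -> dict:
    """Vulnerable: status and body differ for known and unknown users."""
    if email in KNOWN_USERS:
        send_reset_link(email)
        return {"status": 200, "body": "Reset link sent."}
    return {"status": 404, "body": "No account found for that address."}


def reset_password_uniform(email: str) -> dict:
    """Hardened: identical reply whether or not the account exists."""
    if email in KNOWN_USERS:
        send_reset_link(email)  # side effect only, never reflected in the reply
    return {"status": 200, "body": GENERIC_RESET_MESSAGE}


def responses_distinguishable(handler, known: str, unknown: str) -> bool:
    """True if a caller can tell a known user from an unknown one."""
    return handler(known) != handler(unknown)


def handle_error_leaky(exc: Exception) -> dict:
    """Vulnerable: debug-style handler that returns the traceback to the client.

    Anything in the exception message (paths, connection strings, keys)
    ends up in the HTTP body.
    """
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    return {"status": 500, "body": detail}


def handle_error_safe(exc: Exception, logger: logging.Logger = log) -> dict:
    """Hardened: full detail goes to the server log, client gets a fixed message."""
    logger.error("unhandled error", exc_info=exc)
    return {"status": 500, "body": "Internal server error."}


def strip_version_headers(headers: dict) -> dict:
    """Drop headers that advertise software versions before sending a response."""
    return {k: v for k, v in headers.items() if k not in VERSION_HEADERS}


if __name__ == "__main__":
    # Constructed failure: a DB error whose message embeds the DSN.
    err = RuntimeError("could not connect to postgresql://app:PLACEHOLDER_PW@10.0.0.5/db")
    print("leaky reset differs:", responses_distinguishable(
        reset_password_leaky, "alice@example.com", "nobody@example.com"))
    print("uniform reset differs:", responses_distinguishable(
        reset_password_uniform, "alice@example.com", "nobody@example.com"))
    print("leaky error body:", handle_error_leaky(err)["body"].strip())
    print("safe error body:", handle_error_safe(err)["body"])
    print("filtered headers:", strip_version_headers(
        {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4", "Content-Type": "text/html"}))
```

The uniform handler keeps the same status code and body on both branches; a fix that equalises the message but leaves a 200/404 split, or a noticeably slower path for known users, still leaks. The safe error handler records the exception with `exc_info` so the operator loses nothing, while the client sees a constant string.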