Happy hacking!
Today’s blog post is #4 in the BodgeIt Store series.
If you want to view post #3 click HERE.
In today’s post we’re going to find diagnostic data.
So exactly what is diagnostic data?
In this case, we’re looking for a webpage inside the store that will reveal debugging data.
What exactly is debugging data?
Debugging data is used by developers who want to make sure their application is working correctly.
The problem is that the developers do not turn off the debugging feature before moving their application to production (live).
Let’s get started.
So how are we going to find the debug data? We’re going to add the following in the URL address bar: ?debug=true
Let’s start with the home page:
We added the debug command, and it the page rendered the same. No debugging code on this page.
Let’s try the about us page.
Adding the debug command, the page rendered the same. No debugging code on this page.
Let’s try the contact us page.
Adding the debug command, the page rendered the same. No debugging code on this page.
Let’s try the login page.
Adding the debug command… the page rendered:
If you view the top of the page, you will see the new line – DEBUG: Clear.
This is an example of debugged code!
We were able to find diagnostic code in the application.
Let’s try the Your Basket page, and see what we get:
We found another page that has diagnostic data! In this case the debugged line says – DEBUG basketid = 5.
Let’s try search page, and see what we get:
No diagnostic data here.
Let’s see what the scoreboard says:
We have successfully completed the find diagnostic data challenge (it’s green)!
1 thought on “The BodgeIT Store Series #4, Find Diagnostic Data – #bodgeit #infosec #pentest #appsec #webapp”