A walkthrough of a PortSwigger Web Security Academy lab focused on information disclosure through verbose error messages. The lab demonstrates how replacing a product ID with arbitrary text triggers a detailed error response that reveals the Apache server version. This reconnaissance data can help attackers identify known CVEs, plan exploits, and fingerprint the technology stack. Common sources of information disclosure include debug messages, stack traces, misconfigured APIs, source maps, and server headers.
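
The following is an added example, not part of the original walkthrough or the lab's own code. It shows a hypothetical product-lookup handler that echoes its parse error to the client, a hardened version of the same handler, and a small checker that flags stack traces and version banners in response bodies. The handler names, the catalog, and the `ExampleServer/1.2.3` banner are constructed assumptions.

```python
import logging
import re
import traceback
import uuid

log = logging.getLogger("shop")
SERVER_BANNER = "ExampleServer/1.2.3"   # constructed placeholder, not the lab's value
CATALOG = {1: "Widget", 2: "Gadget"}    # constructed sample data

def product_verbose(product_id: str):
    """'Before': any failure is echoed to the client with trace and banner."""
    try:
        return 200, CATALOG[int(product_id)]
    except Exception:
        return 500, f"Internal Server Error\n{traceback.format_exc()}\n{SERVER_BANNER}"

def product_hardened(product_id: str):
    """'After': validate first, keep details in server logs, reply generically."""
    ref = uuid.uuid4().hex[:8]          # correlation ID for support and triage
    try:
        if not re.fullmatch(r"[0-9]{1,9}", product_id):
            return 400, "Invalid product ID"
        name = CATALOG.get(int(product_id))
        return (200, name) if name else (404, "Product not found")
    except Exception:
        log.exception("product lookup failed ref=%s", ref)
        return 500, f"Something went wrong (ref {ref})"

# Signatures worth flagging in any response body during testing or at a proxy.
LEAK_PATTERNS = {
    "exception_name": re.compile(r"\b\w+(?:Error|Exception)\b:"),
    "stack_trace": re.compile(r"Traceback \(most recent call last\)"),
    "version_banner": re.compile(r"\b[A-Za-z][\w.-]*/\d+\.\d+"),
}

def find_leaks(body: str):
    """Return the sorted names of disclosure patterns present in a body."""
    return sorted(n for n, rx in LEAK_PATTERNS.items() if rx.search(body))

if __name__ == "__main__":
    for handler in (product_verbose, product_hardened):
        status, body = handler("abc")   # arbitrary text instead of a numeric ID
        print(handler.__name__, status, find_leaks(body))
```

The checker's patterns target Python tracebacks because the sample handler is Python; a deployment would add the trace and banner formats of its own stack.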