Skip to main content

Source code disclosure via backup files

1

Wo can go to the /robots.txt page to see what pages are blocked for web crawlers.

2

We can see that the /backup are blocked. Let's visit it.

3

Let's go the file.

4

As we can see there is a hardcoded password there.

qyb8rfjmzv1edk56w3dwmaom3o505wvy

We can submit this password as the answer.

5

We have solved the lab.

6