Debug pages can quietly expose sensitive internals like environment variables, framework configs, and even SECRET_KEY values. In this video, we walk through how to discover and exploit information disclosure on debug pages, using hands-on exercises from PortSwigger Web Security Academy labs.
What you’ll learn:
- How to find hidden debug endpoints from HTML comments and content discovery.
- Using Burp Suite (Site map, Find Comments, Repeater) to pull sensitive configs from debug pages.
- Real PortSwigger lab workflow: locate phpinfo.php and extract SECRET_KEY.
- Risk and impact: why exposed debug pages lead to high-severity findings.
#CyberSecurity #WebAppSecurity #EthicalHacking #PortSwigger #WebSecurityAcademy #BugBounty #Pentesting #BurpSuite #OWASP #InfoSec #VAPT
