Our challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic. Please practise hacking on our challenges manually.
Failure to abide by the rules will put you at risk of being restricted from using our free challenges.
Can you obtain the sensitive information somehow?
We recommend using Firefox for your PoC.
If you visit
https://www.bugbountytraining.com/challenges/challenge-15.php then you'll see
https://www.bugbountytraining.com/challenges/challenge-15login.php first and then revisit the URL above.
You can see some sensitive information right?
Your task is to somehow leak this information as an attacker when a victim visits your site.