Can you obtain the sensitive information somehow?

Easy Misc / Application Logic

We recommend using Firefox for your PoC.

If you visit https://www.bugbountytraining.com/challenges/challenge-15.php then you'll see Not authenticated!.

Visit https://www.bugbountytraining.com/challenges/challenge-15login.php first and then revisit the URL above.

You can see some sensitive information right?

Your task is to somehow leak this information as an attacker when a victim visits your site.


Solution