🧪 Lab: Verbose Error Messages & Vulnerable Framework

ℹ️ Info

This lab returns verbose error messages that reveal the application is using a vulnerable version of a third-party framework.

🎯 Goal

To solve the lab, you need to obtain and submit the version number of the framework.

📝 Thought Process

• The application shows error messages when we input unexpected values.
• After browsing 👀, we noticed the app doesn’t have many functions — it only displays posts.
• The idea 💡: change the type of the productId parameter from integer → string and observe how the backend handles the error.

⚙️ Experiment

• Sent productId=abc instead of a number.
• The application returned a detailed error message 🔍 exposing framework information.

✅ Result

The error message revealed the application is using:

Apache Struts 2 2.3.31

Submitting this version number solved the lab 🎉.