Information Disclosure in Error Messages — Burp Lab Walkthrough (Apache Struts 2.3.31) | portswigger
Author: ɢᴏᴡʀʏᴠᴇʀsᴇ
Uploaded: 2025-10-06
Views: 35
Description:
In this video I solve the "Information disclosure in error messages" lab step-by-step using Burp Suite. The app’s verbose exception reveals the framework version — Apache Struts 2 2.3.31 — which is the lab solution. I show how to trigger the exception, capture the response, and submit the answer.
What you’ll learn
• Why verbose error messages are dangerous.
• How to use Burp Proxy → HTTP history → Repeater to test parameters.
• How sending a non-integer productId triggers an exception and reveals a stack trace.
• How to identify a third-party framework/version from an error.
• Quick remediation suggestions to fix information disclosure.
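The same disclosure can be caught from the defender's side by scanning error responses for stack frames, exception class names and framework version banners. The following is an added example, not code from the video or the lab; the sample bodies, the product list in the version pattern and the function names are assumptions constructed for illustration.

```python
import re

# Java stack frame line, e.g. "    at pkg.Class.method(File.java:42)"
STACK_FRAME = re.compile(r"^[ \t]*at[ \t]+[\w.$/]+\.[\w$<>]+\([^)\n]*\)[ \t]*$", re.M)
# Fully qualified exception or error class, e.g. "java.lang.NumberFormatException"
EXCEPTION = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))\b")
# Product name followed by a dotted version. The product list is illustrative.
VERSION = re.compile(
    r"\b((?:Apache[ \t]+)?(?:Struts|Tomcat|Jetty|Spring)(?:[ \t]+\d+)?)"
    r"[ \t/]+(\d+(?:\.\d+){1,3})\b"
)


def audit_error_body(body):
    """Return what an HTTP error body discloses about server internals."""
    return {
        "stack_frames": len(STACK_FRAME.findall(body)),
        "exception_classes": sorted(set(EXCEPTION.findall(body))),
        "versions": sorted({f"{name} {ver}" for name, ver in VERSION.findall(body)}),
    }


def discloses_internals(body):
    """True if any indicator is present; usable as a regression-test gate."""
    return any(audit_error_body(body).values())


# Constructed sample bodies (assumptions, not captured from the lab).
# VERBOSE_BODY imitates a response to a non-integer productId.
VERBOSE_BODY = (
    'Internal Server Error: java.lang.NumberFormatException: For input string: "abc"\n'
    "    at java.base/java.lang.Integer.parseInt(Integer.java:661)\n"
    "    at com.example.shop.ProductAction.execute(ProductAction.java:42)\n"
    "\n"
    "Apache Struts 2 2.3.31\n"
)
# GENERIC_BODY imitates the remediated form: a fixed message plus a reference
# ID that maps to the full exception in server-side logs only.
GENERIC_BODY = "Invalid product ID. Reference: 7f3a9c2e\n"

if __name__ == "__main__":
    for label, body in (("verbose", VERBOSE_BODY), ("generic", GENERIC_BODY)):
        print(label, audit_error_body(body))
```

Run against responses to deliberately malformed parameters in an integration test, a non-empty result means the application's error handling is leaking details that belong only in server logs.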
Resources & further reading
• OWASP — Information Leakage & Improper Error Handling
• Burp Suite documentation — Repeater & Proxy basics
• Apache Struts official site — release / security advisories
Security & ethics
This video is for educational purposes and defensive learning only. Always have explicit permission before testing real systems.
Support & CTA
If this helped, like, subscribe, and hit the bell for more web-app pentest walkthroughs. Questions / suggestions — drop them in the comments.