Objective

This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.

Solution

Looking into page source doesn’t reveal anything but checking /robots.txt revealed that it disallows /backup folder

Accessing the /backup folder shows there is file exists in index of directory called ProductTemplate.java.bak⁠ 

Clicking the file and reveals full source code

Just copy and paste the database password as a solution and submit to solve the lab