PortSwigger - Directory Traversal - Lab 1
Lab 1 - Directory Traversal - Simple Case
Lab Objective:
This lab contains a path traversal vulnerability in the display of product images.
To solve the lab, retrieve the contents of the /etc/passwd file.
Reference:
PortSwigger - Lab 1
Rana Khalil - Lab 1
Solution
1. Investigate the HTTP requests and notice the /image?filename request.
2. We’ll send the request to Intruder, remove image.jpg, and replace it with the payload below to read the /etc/passwd file.
../../../../../../../../etc/passwd
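Seen from the defender's side, the fix for this bug is to canonicalise the requested filename and confirm the result is still under the image directory before opening it. The following is an added example, not part of the original post or the lab's code; the function names and the temporary image directory are assumptions made for illustration.

```python
import os
import tempfile

def naive_resolve(base_dir, filename):
    """Vulnerable pattern: join the filename parameter onto the base directory unchecked."""
    return os.path.normpath(os.path.join(base_dir, filename))

def safe_resolve(base_dir, filename):
    """Return the canonical path only if it stays inside base_dir, otherwise None."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole path components rather than raw string prefixes.
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def is_inside(base_dir, path):
    """True when path, once canonicalised, is located under base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def demo():
    # Constructed sample: a throwaway directory standing in for the image store.
    with tempfile.TemporaryDirectory() as root:
        images = os.path.join(root, "images")
        os.mkdir(images)
        results = {}
        # The legitimate value and the payload from step 2 of the write-up.
        for name in ("image.jpg", "../../../../../../../../etc/passwd"):
            escaped_naive = not is_inside(images, naive_resolve(images, name))
            allowed_safe = safe_resolve(images, name) is not None
            results[name] = (escaped_naive, allowed_safe)
        return results

if __name__ == "__main__":
    for name, (escaped, allowed) in demo().items():
        print(f"{name!r}: naive escapes base={escaped}, hardened allows={allowed}")
```

A handler built on `safe_resolve` would answer a `None` result with an error response instead of reading the file.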
This post is licensed under CC BY 4.0 by the author.