PortSwigger - Directory Traversal - Lab 2

Lab 2 - Directory Traversal - File path traversal, traversal sequences blocked with absolute path bypass

Lab Objective:

This lab contains a path traversal vulnerability in the display of product images. The application blocks traversal sequences but treats the supplied filename as being relative to a default working directory.

To solve the lab, retrieve the contents of the /etc/passwd file.

Reference:
PortSwigger - Lab 2
Rana Khalil - Lab 2

Solution


1. Notice all the image requests when loading the lab.

Directory Traversal - Lab 2 - Image Response from server

2. Send one of these requests to Repeater and access the file by using the absolute path: /etc/passwd

Directory Traversal - Lab 2 - Payload

Absolute vs. Relative Paths

  • Relative Path: Specifies a file or directory location relative to the current working directory. It does not start from the root directory and often includes navigation symbols like . (current directory) or .. (parent directory).
    • Examples:
      • documents/file.txt (if the current directory is /home/user)
      • ../file.txt (refers to file.txt in the parent directory)
  • Absolute Path: Always starts from the root and does not depend on the current working directory.
    • Examples:
      • /home/user/documents/file.txt
      • C:\Users\Username\Documents\file.txt
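
The lab does not show its server code, so the following is an added example (not part of the original post or the lab) that models the described behaviour in Python: a filter that blocks traversal sequences but joins the supplied name onto a working directory, next to a hardened check. The directory /var/www/images, the function names and the sample inputs are assumptions made for illustration.

```python
import os

BASE_DIR = "/var/www/images"  # assumed image directory, not stated by the lab
SAMPLES = ["7.jpg", "../../etc/passwd", "/etc/passwd"]  # constructed inputs


def resolve_weak(filename):
    """Blocks '..' sequences, then treats the name as relative to BASE_DIR."""
    if ".." in filename:
        raise ValueError("traversal sequence blocked")
    # os.path.join drops BASE_DIR entirely when filename is absolute,
    # so the filter above never gets a chance to matter.
    return os.path.join(BASE_DIR, filename)


def resolve_hardened(filename):
    """Canonicalises the joined path and requires it to stay under BASE_DIR."""
    base = os.path.realpath(BASE_DIR)
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole path components, so a sibling such as
    # /var/www/images_old does not pass as being "inside" the base.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes image directory")
    return candidate


def compare(names=SAMPLES):
    """Returns {name: (weak_result, hardened_result)} for each input."""
    rows = {}
    for name in names:
        row = []
        for resolver in (resolve_weak, resolve_hardened):
            try:
                row.append(resolver(name))
            except ValueError as exc:
                row.append(f"rejected: {exc}")
        rows[name] = tuple(row)
    return rows


if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name!r:22} weak={weak!r} hardened={hardened!r}")
```

The weak resolver rejects the `..` input but returns the absolute path unchanged, while the hardened one rejects both and still serves the ordinary image name.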

This post is licensed under CC BY 4.0 by the author.