PortSwigger - Directory Traversal - Lab 3

Lab 3 - Directory Traversal - File path traversal, traversal sequences stripped non-recursively

Lab Objective:

This lab contains a path traversal vulnerability in the display of product images. The application strips path traversal sequences from the user-supplied filename before using it.

To solve the lab, retrieve the contents of the /etc/passwd file.

Reference:
Port Swigger - Lab 3
Rana Khalil - Lab 3

Solution


1. Try the basic payload:

../../../../etc

Directory Traversal - Lab 3 - Basic payload

2. We'll test whether the filter strips traversal sequences recursively. If it only makes a single pass, removing `../` from each `..././` leaves a plain `../` behind, so the sequence survives the filter:

..././..././..././..././etc/passwd

Directory Traversal - Lab 3 - Recursive payload


This post is licensed under CC BY 4.0 by the author.