3.5 Lab: File path traversal, validation of start of path | 2024
This lab contains a path traversal vulnerability in the display of product images. The application transmits the full file path via a request parameter and validates that the supplied path starts with the expected folder. To solve the lab, retrieve the contents of the /etc/passwd file | Karthikeyan Nagaraj
Description
This lab contains a path traversal vulnerability in the display of product images.
The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.
To solve the lab, retrieve the contents of the /etc/passwd
file.
Solution
- Right-click on an Image of a product and click
Open Image in new tab.
- Turn the proxy on, turn the Intercept on, and refresh the page to capture the request.
- Send the request to Repeater.
- Change the value of the filename to
/var/www/images/../../../etc/passwd
and send the request. - Now you can see the contents of
passwd
file. - Navigate to the browser, turn off the proxy, and refresh the page. You can see that the lab is solved.
YouTube Channel for Cybersecurity Lab’s Poc and Write-ups
Telegram Channel for Free Ethical Hacking Dumps
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng