3.5 Lab: File path traversal, validation of start of path | 2024

This lab contains a path traversal vulnerability in the display of product images. The application transmits the full file path via a request parameter and validates that the supplied path starts with the expected folder. To solve the lab, retrieve the contents of the /etc/passwd file | Karthikeyan Nagaraj

Karthikeyan Nagaraj
Infosec Matrix
2 min read | Jan 16, 2024

Description

This lab contains a path traversal vulnerability in the display of product images.

The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.

To solve the lab, retrieve the contents of the /etc/passwd file.

Solution

  1. Right-click a product image and click Open Image in new tab.
  2. Turn the proxy on, turn the Intercept on, and refresh the page to capture the request.
  3. Send the request to Repeater.
  4. Change the value of the filename parameter to /var/www/images/../../../etc/passwd and send the request.
  5. Now you can see the contents of the passwd file.
  6. Navigate to the browser, turn off the proxy, and refresh the page. You can see that the lab is solved.
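
Why the start-of-path validation fails, and what a containment check looks like instead, shown as an added example (this is not the lab's own code, which the write-up does not show). The function names are hypothetical; the base folder /var/www/images is taken from the path in step 4.

```python
import os.path
from typing import Optional, Tuple

BASE_DIR = "/var/www/images"  # expected folder, as used in the write-up


def weak_is_allowed(requested: str) -> bool:
    """Flawed check of the kind the lab describes: literal prefix only."""
    # "../" segments after the prefix are never resolved before comparing.
    return requested.startswith(BASE_DIR)


def resolve_inside_base(requested: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Hardened check: canonicalise first, then test containment.

    Returns the canonical path if it stays inside base_dir, else None.
    """
    base = os.path.realpath(base_dir)
    # realpath collapses "../" and follows symlinks, so the comparison is
    # made on the path the OS would actually open. join() keeps an absolute
    # `requested` unchanged, matching an app that receives the full path.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole path components, so a sibling folder that
    # merely shares the string prefix (e.g. "images_old") is rejected too.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def compare(requested: str) -> Tuple[bool, Optional[str]]:
    """Return (weak check verdict, hardened check result) for one input."""
    return weak_is_allowed(requested), resolve_inside_base(requested)


if __name__ == "__main__":
    # Constructed sample inputs; the second is the value from step 4.
    for path in (
        "/var/www/images/1.jpg",
        "/var/www/images/../../../etc/passwd",
        "/var/www/images_old/1.jpg",
    ):
        weak, hardened = compare(path)
        print(f"{path!r}: weak={weak} hardened={hardened}")
```

The hardened function returns the canonical path, so the caller should open that returned value rather than the original request string.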
