Lab(3): File path traversal, traversal sequences stripped non-recursively
Lab description → This lab contains a file path traversal vulnerability in the display of product images.
The application strips path traversal sequences from the user-supplied filename before using it.
To solve the lab, retrieve the contents of the /etc/passwd file.
Procedure or POC → According to the lab description, the application strips the traversal sequence ../ from the user-supplied filename before using it, so a plain payload such as ../../../etc/passwd is neutralised before it ever reaches the filesystem.
Possible solution → A different sequence is needed, one that still contains ../ after the filter has made its single pass over the filename.
STEP 1 → Open the lab and open any product image. In Burp Suite, find the GET /image? request in the proxy history.
STEP 2 → Send this request to Repeater. Try a relative traversal path first (../../../etc/passwd as the filename value).
GOT nothing: the ../ sequences are stripped and the server looks for etc/passwd inside the image directory.
STEP 3 → Try an absolute path (/etc/passwd as the filename value).
GOT nothing: the leading slash does not escape the image directory either.
STEP 4 → After trying several other sequences, one was found that survives the filter, and the response contains the contents of /etc/passwd.
This will complete this LAB.
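To make the "stripped non-recursively" point concrete, here is an added example (not code from the lab or from this writeup) that models the filter as a single str.replace pass and contrasts it with a recursive filter and with a canonicalise-and-check approach. The image directory /var/www/images, the string concatenation used to build the path, and the nested ....// payload are assumptions chosen to match the observed behaviour; the writeup above does not state which sequence it used.

```python
import posixpath

# Assumed image directory; the lab does not reveal the real one.
IMAGE_ROOT = "/var/www/images"


def strip_once(filename):
    """Non-recursive filter: one pass of str.replace (assumed model of the lab)."""
    return filename.replace("../", "")


def strip_recursively(filename):
    """Recursive variant: keep stripping until no sequence remains."""
    while "../" in filename:
        filename = filename.replace("../", "")
    return filename


def simulate(filter_fn, filename):
    """Path the server would open after the filter, assuming naive
    string concatenation with IMAGE_ROOT followed by normalisation."""
    cleaned = filter_fn(filename)
    return posixpath.normpath(IMAGE_ROOT + "/" + cleaned)


def resolve_under_root(root, filename):
    """Hardened check: canonicalise the joined path and confirm it is
    still inside root, instead of trying to remove bad sequences.
    Returns None when the path escapes (or is absolute)."""
    base = posixpath.normpath(root)
    target = posixpath.normpath(posixpath.join(base, filename))
    if posixpath.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    # Constructed candidate inputs mirroring STEP 2, STEP 3 and a nested sequence.
    for candidate in ("../../../etc/passwd",
                      "/etc/passwd",
                      "....//....//....//etc/passwd"):
        print(f"{candidate!r:36} once -> {simulate(strip_once, candidate)}")
        print(f"{'':36} recursive -> {simulate(strip_recursively, candidate)}")
        print(f"{'':36} canonical check -> {resolve_under_root(IMAGE_ROOT, candidate)}")
```

A single pass turns each ....// into ../ (the inner ../ is removed, leaving the outer dots and slash), so the normalised path lands on /etc/passwd; the recursive filter collapses the same input to etc/passwd under the image directory. The containment check rejects both the relative and the absolute escape without any sequence matching at all, which is the fix a reviewer should ask for rather than a longer blacklist.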