Lab(5): File path traversal, validation of start of path

--

Lab description → This lab contains a file path traversal vulnerability in the display of product images.

The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.

To solve the lab, retrieve the contents of the /etc/passwd file.

Procedure Followed OR POC → As told in LAB name (valiidation of start of path) i think in this case application only allow traversal from Start of the path . so instead of sending /etc/passwd

TO solve this lab , i can send /var/www/images/../../../etc/passwd

I hope this will work .

Let’s Start

STEP 1 → Starting with this Product Image

Opening GET image?filename request in burp .

STEP 2→

STEP 3→ Sending this request to burp repeater

STEP 3 → Modifying parameter like /var/www/images/../../../etc/passwd

Sending this request solves the labs.

--

--

No responses yet