Lab(5): File path traversal, validation of start of path
Lab description → This lab contains a file path traversal vulnerability in the display of product images.
The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.
To solve the lab, retrieve the contents of the /etc/passwd file.
Procedure Followed OR POC → As told in LAB name (valiidation of start of path) i think in this case application only allow traversal from Start of the path . so instead of sending /etc/passwd
TO solve this lab , i can send /var/www/images/../../../etc/passwd
I hope this will work .
Let’s Start
STEP 1 → Starting with this Product Image
Opening GET image?filename request in burp .
STEP 2→
STEP 3→ Sending this request to burp repeater
STEP 3 → Modifying parameter like /var/www/images/../../../etc/passwd
Sending this request solves the labs.