PORTSWIGGER

Lab(1): File path traversal, simple case

Lab Description → This lab contains a file path traversal vulnerability in the display of product images.

To solve the lab, retrieve the contents of the /etc/passwd file.

Vulnerability Description → Path Traversal in this attacker is able to see files in the server , by just changing the path in the URL ,

Procedure → In this lab it is given that , This lab has path traversal vulnerability . So first i’ll first open the lab, and move to the any product image ,

Now , Open this image in browser .

Try to open this location , (give filename parameter = ../../../etc/passwd)

../../../etc/passwd

This wil solve the lab.