File path traversal, simple case
Last updated
This lab contains a path traversal vulnerability in the display of product images.
To solve the lab, retrieve the contents of the /etc/passwd file.
The productsID parameter does not appear to be vulnerable, so we try the image request instead: product images are usually served from the /var/www/images directory on the web server.
In this case the directory and the parameter are different, so we capture the image request with Burp and send it to Repeater with Ctrl+R.
Here we modify the filename reference to ../../../../../etc/passwd, which steps back five directories to reach the root / and then reads the /etc/passwd file:
Click on one of the shop's products:
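As an added defensive example (not part of the lab or this write-up), the following Python function shows the server-side check that stops exactly this payload: the supplied filename is canonicalised against the assumed image directory /var/www/images and anything that resolves outside it is rejected.

```python
import posixpath

# Directory the image handler is allowed to serve from. The path is the one
# assumed in the write-up; it is a constructed example, not a real deployment.
IMAGE_ROOT = "/var/www/images"


def resolve_image_path(filename: str, root: str = IMAGE_ROOT) -> str:
    """Map a user-supplied filename onto a file path inside root.

    Raises ValueError when the canonical result is not strictly below root,
    which is what ../../../../../etc/passwd tries to achieve.
    """
    # Empty names and embedded NUL bytes (which truncate C-string paths
    # in many runtimes) are never valid image names.
    if not filename or "\x00" in filename:
        raise ValueError("invalid filename")
    # posixpath.join would discard root if filename were absolute, so strip
    # leading slashes first; normpath then collapses every ../ segment so the
    # comparison below sees the real target, not the decoy prefix.
    candidate = posixpath.normpath(posixpath.join(root, filename.lstrip("/")))
    # Require a path strictly below root (root itself is a directory, not an
    # image). On a live server also compare os.path.realpath() results so
    # symlinks inside the directory cannot point back out of it.
    if not candidate.startswith(root + "/"):
        raise ValueError(f"path traversal rejected: {filename!r}")
    return candidate


def is_safe(filename: str) -> bool:
    """True if filename would be served from inside IMAGE_ROOT."""
    try:
        resolve_image_path(filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a normal image name and the lab's traversal payload.
    for name in ("12.jpg", "../../../../../etc/passwd"):
        print(f"{name!r:>32} -> {'allowed' if is_safe(name) else 'rejected'}")
```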