Lab: File path traversal, simple case

APPRENTICE

This lab contains a file path traversal vulnerability in the display of product images.

To solve the lab, retrieve the contents of the /etc/passwd file.

Solution

Use Burp Suite to intercept and modify a request that fetches a product image.
Modify the filename parameter, giving it the value ../../../etc/passwd.
Observe that the response contains the contents of the /etc/passwd file.

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication Web cache poisoning WebSockets