Research Academy Daily Swig
My account Customers About Blog Careers Legal Contact
  1. Web Security Academy
  2. Directory traversal
  3. Lab

Lab: File path traversal, simple case

APPRENTICE

This lab contains a file path traversal vulnerability in the display of product images.

To solve the lab, retrieve the contents of the /etc/passwd file.

Access the lab

All topics

SQL injection XSS CSRF Clickjacking DOM-based CORS XXE SSRF Request smuggling Command injection Server-side template injection Insecure deserialization Directory traversal Access control Authentication OAuth authentication Business logic vulnerabilities Web cache poisoning HTTP Host header attacks WebSockets Information disclosure
Try Burp Suite for Free

Find directory traversal vulnerabilities using Burp Suite

Try for free

Stories from the Daily Swig about directory traversal

Pesky widgets

Atlassian’s Confluence collaboration server blighted by critical RCE bug 11 April 2019 Pesky widgets Atlassian’s Confluence collaboration server blighted by critical RCE bug

Patched WordPress plugin still susceptible to attacks

Update now before payments app costs more than you bargained for 18 February 2019 Patched WordPress plugin still susceptible to attacks Update now before payments app costs more than you bargained for

Vulnerability found in Oracle POS terminals

Retail and hospitality businesses urged to patch Micros flaw 02 February 2018 Vulnerability found in Oracle POS terminals Retail and hospitality businesses urged to patch Micros flaw

Hive mind: OWASP 2017 Top 10 released

Injection remains appsec’s biggest threat in 2017 21 November 2017 Hive mind: OWASP 2017 Top 10 released Injection remains appsec’s biggest threat in 2017

Find directory traversal vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here