
File path traversal, traversal sequences blocked with absolute path bypass

1

Let's check out the image URI.

2

We can intercept the request for this image in Burp Suite using the Proxy.

3

Let's forward the request to the Repeater so that we can modify it.

Once in the Repeater, set the filename parameter to the following and forward the request:

../../../etc/passwd

4

The server tells us that there is no such file. This is because the path in our URI is relative: the traversal sequences are stripped from the filename, and what remains is resolved relative to the image directory, where no such file exists.

We can bypass this by using an absolute path as follows:

/etc/passwd
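To show why stripping traversal sequences alone does not protect the file handler, here is an added Python example (not the lab's code). The image directory path and the strip-only filter are assumptions modelling the behaviour described above; the second function shows a check that also rejects absolute paths.

```python
import posixpath
from typing import Optional

# Assumed image directory (constructed for this example, not from the lab).
IMAGE_DIR = "/var/www/images"


def naive_filter(filename: str) -> str:
    """Models a filter that only strips '../' from the supplied filename.

    The leftover name is joined to IMAGE_DIR. posixpath.join discards the
    base when the second argument is absolute, so a leading '/' bypasses
    the directory restriction entirely.
    """
    cleaned = filename.replace("../", "")
    return posixpath.normpath(posixpath.join(IMAGE_DIR, cleaned))


def safe_resolve(filename: str) -> Optional[str]:
    """Canonicalise the joined path and require it to stay under IMAGE_DIR.

    Returns the resolved path, or None if the request must be rejected.
    Traversal sequences and absolute paths both fail the prefix check.
    In a real handler, use os.path.realpath so symlinks are followed
    before the prefix comparison; normpath is used here so the example
    runs offline without touching the filesystem.
    """
    candidate = posixpath.normpath(posixpath.join(IMAGE_DIR, filename))
    if candidate == IMAGE_DIR or candidate.startswith(IMAGE_DIR + "/"):
        return candidate
    return None
```

With the naive filter, `../../../etc/passwd` becomes `/var/www/images/etc/passwd` (the "no such file" response) while `/etc/passwd` is served as-is; `safe_resolve` returns `None` for both and only accepts names that resolve inside the image directory.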

5

We have successfully solved the lab.

6