😋Path traversal

https://portswigger.net/web-security/learning-paths/path-traversal

Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application.

Lab: File path traversal, simple case

So I open an image of the website in a tab and capture the request:

and modify the request to access the passwd file:

Lab: File path traversal, traversal sequences blocked with absolute path bypass

The absolute path in my request bypassed their protection:

Lab: File path traversal, traversal sequences stripped non-recursively

Captured the image again and doubled the args in the path: ....//

Lab: File path traversal, traversal sequences stripped with superfluous URL-decode

On this one we just had to double encode the request to bypass the filter:

This worked as well:

Lab: File path traversal, validation of start of path

After capturing the request for an image, we see this odd path:

We only get a 400 if we don't start fetching from /var/www/images:

Example:

Lab: File path traversal, validation of file extension with null byte bypass

We simply trick the request with the null byte %00:
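
A server-side check that holds against each filter weakness these labs cover, as an added example (not part of the original write-up or of the lab code): it canonicalises the requested path after all decoding and confirms the result stays under the image directory. The function names, the temp directory layout and the sample inputs are constructed for illustration.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote

def naive_strip(name: str) -> str:
    """Weak filter: removes "../" in a single, non-recursive pass."""
    return name.replace("../", "")

def safe_resolve(base: str, name: str) -> Optional[str]:
    """Return the canonical path if it stays inside base, otherwise None."""
    if "\x00" in name:  # a null byte must never reach a filesystem API
        return None
    base_real = os.path.realpath(base)
    # join() drops base when name is absolute; realpath() collapses ".." and symlinks.
    candidate = os.path.realpath(os.path.join(base_real, name))
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None

def demo() -> dict:
    """Run each filter weakness from the labs against a constructed temp directory."""
    root = os.path.realpath(tempfile.mkdtemp())
    images = os.path.join(root, "images")
    os.mkdir(images)
    secret = os.path.join(root, "secret.txt")  # constructed file outside the image root
    for path in (os.path.join(images, "photo.jpg"), secret):
        with open(path, "w") as fh:
            fh.write("x")
    stripped = naive_strip("....//secret.txt")  # one pass leaves "../secret.txt"
    decoded = unquote(unquote("%252e%252e%252fsecret.txt"))  # second decode restores "../"
    return {
        "legit": safe_resolve(images, "photo.jpg") == os.path.join(images, "photo.jpg"),
        "stripped": stripped,
        "after_strip": safe_resolve(images, stripped),
        "absolute": safe_resolve(images, secret),
        "prefix_ok": (images + "/../secret.txt").startswith(images),  # prefix test passes
        "prefix": safe_resolve(images, images + "/../secret.txt"),
        "double_decoded": decoded,
        "after_decode": safe_resolve(images, decoded),
        "null_byte": safe_resolve(images, "photo.jpg\x00.png"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

The check only helps if it runs on the value that is finally handed to the filesystem call, after every decoding step the application performs.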
