Self Notes: Web Security Academy Directory Traversal Lab 4

Link to Lab 4

This Lab has a path traversal vulnerability in the image display endpoint, it attempts to defeat exploitation by stripping the path traversal sequence from the user input before decoding and using the input. The task is to read /etc/passwd file. As usual, test with normal exploit:


Response from Server:


The server responded with the image, we can confirm that the input is being stripped. Let's try encoding our input be before sending to the server and hopefully the server will decode it for us:


Server Response:



The server disagrees, let try doubly encoding the input:


Server Response:


Lab Solved!


Comments

Popular posts from this blog

Before You Dive In...

OverTheWire: Bandit Lab

SSRF Notes: PortSwigger Labs Continued