Self Notes: Web Security Academy Directory Traversal Lab 2
Link to Lab 2
This lab contains a path traversal vulnerability in the endpoint that displays product images. The application blocks traversal sequences but treats the supplied filename as being relative to a default working directory.
First, we try to exploit this lab using the normal traversal sequences:
The server responds with an error showing path traversal is blocked. Let's modify the request with an absolute path:
The server responds with:
Lab Solved!
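The server-side flaw this lab describes, next to a hardened check, as an added example that is not the lab's own code. The function names, directory layout and file names are constructed for illustration, and the lab's real implementation is not shown on this page.

```python
import os
import tempfile

def resolve_naive(base_dir, filename):
    """Flawed filter: rejects '..' but then joins the name blindly."""
    if ".." in filename:
        raise ValueError("traversal sequence blocked")
    # os.path.join() discards base_dir when filename is an absolute path.
    return os.path.join(base_dir, filename)

def resolve_safe(base_dir, filename):
    """Canonicalize first, then require the result to stay under base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes image directory")
    return candidate

def outcome(resolver, base_dir, filename):
    """Classify a request as 'blocked', 'served' (inside base) or 'escaped'."""
    try:
        path = os.path.realpath(resolver(base_dir, filename))
    except ValueError:
        return "blocked"
    inside = os.path.commonpath([base_dir, path]) == base_dir
    return "served" if inside else "escaped"

def demo():
    # Constructed layout: <tmp>/images/1.jpg is public, <tmp>/outside.txt is not.
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "images")
    os.mkdir(base)
    outside = os.path.join(root, "outside.txt")
    for path in (os.path.join(base, "1.jpg"), outside):
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
    return {
        "naive_dotdot": outcome(resolve_naive, base, "../outside.txt"),
        "naive_absolute": outcome(resolve_naive, base, outside),
        "safe_absolute": outcome(resolve_safe, base, outside),
        "safe_dotdot": outcome(resolve_safe, base, "../outside.txt"),
        "safe_legit": outcome(resolve_safe, base, "1.jpg"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The naive resolver stops the relative sequence but returns the absolute path untouched, which matches the behaviour seen in the lab. The safe resolver rejects both because it compares the canonical result against the base directory instead of pattern-matching the input.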