Self Notes: Web Security Academy Directory Traversal Lab 3
Link to Lab 3
In this Lab, the Task is to retrieve the content of the /etc/passwd by exploiting path traversal vulnerability in the product display image endpoint. The application attempts to block exploitation by stripping path traversal sequences from the input before usage. Attempting to exploit the vulnerability with normal path traversal sequences:
The server responded with:
We can inference that our path traversal sequences have been stripped, let's test a bypass by doubling the sequences:
Server Response:
Lab Solved!
Comments
Post a Comment