
File path traversal, traversal sequences stripped non-recursively

Introduction

Hello friends, how are you all? In this article, we will cover the PortSwigger Web Security Lab’s File Path Traversal, Traversal Sequences Stripped Non-Recursively, step by step practically.

Lab Description


This lab has a file path traversal vulnerability in the product’s images. The application has implemented security measures that we need to bypass in order to retrieve the /etc/passwd file.

Lab Solution


To solve this lab, first access the lab. After accessing it, enable the proxy in your Burp. Also, copy the lab’s URL and add it to the scope in the Target tab of Burp. This will allow us to easily filter requests and responses.


First, view any product in the lab. Then, go to the HTTP history and click on “Show only in-scope items” and tick the “Images” option.


Look for a request that fetches a .jpg image (the filename parameter will end in .jpg) and send it to the Repeater tab.

GET /image?filename=/etc/passwd

After sending it to the repeater tab, I changed the filename to /etc/passwd, but I couldn’t access the /etc/passwd file.

GET /image?filename=....//....//....//etc/passwd

Now, you can see that when I used ....//....//....//etc/passwd instead of /etc/passwd, I successfully retrieved the passwd file. This works because the application strips the ../ sequence only once, non-recursively: removing the inner ../ from each ....// segment leaves behind exactly ../, so the filtered path becomes ../../../etc/passwd.
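To make the non-recursive stripping concrete, here is an added Python example (not code from the PortSwigger lab or from this article) that places a single-pass filter next to a hardened check. The image root directory and the file names are constructed assumptions; the point is that the filter's output is what the file system actually sees, whereas canonicalising the full path first and then verifying it still lies under the allowed directory does not depend on which sequences were stripped.

```python
import posixpath
from typing import Optional

# Constructed base directory for the image store (assumption; the lab's real path is not given).
IMAGE_ROOT = "/var/www/images"


def strip_once(filename: str) -> str:
    """Weak filter: removes '../' in a single pass, the way the lab's defence is described.

    str.replace is non-recursive, so '....//' becomes '../' after one pass.
    """
    return filename.replace("../", "")


def resolve_weak(filename: str) -> str:
    """Join the single-pass-filtered name onto the image root and normalise.

    This mirrors the vulnerable behaviour: the filter runs, but nothing checks
    where the final path ends up.
    """
    return posixpath.normpath(posixpath.join(IMAGE_ROOT, strip_once(filename)))


def resolve_hardened(filename: str) -> Optional[str]:
    """Canonicalise first, then verify the result is still inside IMAGE_ROOT.

    Returns None when the request would escape the image directory, whether
    the caller used '../', '....//' or an absolute path.
    """
    candidate = posixpath.normpath(posixpath.join(IMAGE_ROOT, filename))
    if candidate != IMAGE_ROOT and not candidate.startswith(IMAGE_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: a benign image name, the two payloads from the article,
    # and a plain traversal that the weak filter happens to catch.
    for name in ("53.jpg", "/etc/passwd", "../../../etc/passwd", "....//....//....//etc/passwd"):
        print(f"{name!r:40} weak -> {resolve_weak(name)!r:40} hardened -> {resolve_hardened(name)!r}")
```

Running the script shows the weak resolver mapping the ....// payload to /etc/passwd, while the hardened resolver keeps it under the image root (as a harmless non-existent path) and rejects both the absolute and the plain ../ forms outright. The canonicalise-then-check order is the part that matters: checking the raw string, or checking before normalisation, recreates the same class of bypass.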

With this, we have solved the PortSwigger Web Security Lab’s File Path Traversal, Traversal Sequences Stripped Non-Recursively.

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

To continue studying, check out the next lab, File Path Traversal, Traversal Sequences Stripped With Superfluous URL-Decode. Finish the current lab before moving on to the next one. Good luck!

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser and install its updates promptly. Keep your browser plugins up to date, avoid malicious websites and links, always enable two-factor authentication, and be wary of clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
