Introduction
Hello, friends. How are you all doing? This is our 6th article on path and directory traversal vulnerabilities. In this article, we will work through the PortSwigger Web Security Lab’s File Path Traversal and Validation of File Extension with Null Byte Bypass step by step.
Lab Description
As in the labs we have already discussed, this lab has a file path traversal vulnerability in the product’s image section. This time the application validates the file extension of the filename you supply, so a plain traversal payload without the expected extension will not be accepted. To solve this lab, you need to retrieve the /etc/passwd file.
Lab Solution
Firstly, access the lab. After accessing it, enable the Burp proxy and configure your browser to use the Burp proxy as well. Once you have done that, click on any product to view its details.
When you click on a product, go to the Burp proxy tab and navigate to the HTTP history tab. Click on the filter and select images because this vulnerability can be found in the image section.
After doing this, you will find some image requests. Simply send one of them to the Repeater tab, because we need to perform testing on it.
../../../etc/passwd%00.png
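As you can see, I tried the payload above and gained access to the /etc/passwd file. The payload ends with %00.png, where %00 is a URL-encoded null byte. The extension check sees a filename ending in .png and accepts it, but the file path is cut off at the null byte when the file is opened, so the .png suffix is dropped and /etc/passwd is read instead.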
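Why the extension check fails and how to close the gap, shown as an added example that is not part of the original article or the lab's own code. The image root, the function names, and the model of a NUL-terminated file API are assumptions made for illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

IMAGE_ROOT = "/var/www/images"  # assumed base directory, not taken from the lab


def c_string_view(path: str) -> str:
    """Model a NUL-terminated file API: the path ends at the first NUL byte."""
    return path.split("\x00", 1)[0]


def weak_resolve(raw_filename: str) -> Optional[str]:
    """Flawed validation: only the suffix of the decoded value is checked."""
    name = unquote(raw_filename)
    if not name.endswith(".png"):
        return None
    # The check saw ".png", but the file API only sees the text before the NUL.
    return os.path.normpath(os.path.join(IMAGE_ROOT, c_string_view(name)))


def safe_resolve(raw_filename: str) -> Optional[str]:
    """Hardened validation: reject NUL, then confine the path to IMAGE_ROOT."""
    name = unquote(raw_filename)
    if "\x00" in name or not name.endswith(".png"):
        return None
    # normpath collapses "../"; os.path.realpath would additionally
    # resolve symlinks on a real filesystem.
    full = os.path.normpath(os.path.join(IMAGE_ROOT, name))
    if os.path.commonpath([IMAGE_ROOT, full]) != IMAGE_ROOT:
        return None
    return full


if __name__ == "__main__":
    # "37.png" is a constructed benign name; the second value is the payload
    # shown in this article; the third is a constructed variant without the NUL.
    for sample in ("37.png", "../../../etc/passwd%00.png", "../../../etc/passwd.png"):
        print(f"{sample!r}: weak={weak_resolve(sample)!r} safe={safe_resolve(sample)!r}")
```

The hardened function applies two independent controls: rejecting the null byte removes the mismatch between what is validated and what is opened, and the base-directory check stops traversal even when the extension is genuine.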
So, as you can see, we have successfully solved the PortSwigger Web Security Lab’s File Path Traversal and Validation of File Extension with Null Byte Bypass. Check our site if you want to learn cybersecurity in depth.
Now you have officially completed all the labs for Directory Traversal. Next, move on to the Command Injection labs, starting here: OS Command Injection, Simple Case. Good luck!
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always good practice to use an up-to-date browser with timely updates. Keep your browser plugins up to date, avoid malicious websites and links, always enable 2-factor authentication, and avoid clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.