Introduction
So, guys, how are you all doing? Today, we are writing an article on Directory or Path Traversal Vulnerabilities. This is our 5th article on directory traversal vulnerabilities. In this article, we will cover the PortSwigger Web Security Lab’s File Path Traversal and Validation of Start of Path. We will provide a complete step-by-step practical approach so that you can understand it well.
Lab Description
In this lab, there is a file path traversal vulnerability in the product image parameter. The application passes the full file path in a request parameter and checks that the supplied path starts with the expected folder.
To solve this lab, retrieve the /etc/passwd file.
Lab Solution
First, access the lab and click View details on any product. While doing this, make sure Burp is open and the proxy is connected.
After clicking on view details of a product, go to the Proxy tab in Burp. Then, go to the HTTP history tab and click on the filter. Tick the image option because this vulnerability is present in the image section.
I found a request for an image and sent it to the repeater tab.
filename=/var/www/images/49.jpg
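Notice the request: the filename parameter holds an absolute path. It starts at the system /var directory, which contains a directory named www, which in turn contains the images folder where image files such as 48.jpg are stored.
Because the application only checks that the path starts with the expected folder, I keep the /var/www/images/ prefix and append the payload ../../../etc/passwd, which climbs three directories up to the filesystem root, to retrieve the /etc/passwd file.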
filename=/var/www/images/../../../etc/passwd
As you can see, I have successfully retrieved the /etc/passwd file.
And with this, we have solved the PortSwigger Web Security Lab’s File Path Traversal and Validation of Start of Path.
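The request above passes validation because the check only looks at the start of the string. The following added example (not code from the lab or from PortSwigger; the function names and the Python implementation are assumptions) contrasts such a prefix-only check with one that canonicalizes the path before checking containment, using the two parameter values from this walkthrough.

```python
import os

# Expected folder, taken from the request shown in the walkthrough.
BASE_DIR = "/var/www/images"


def naive_check(filename: str) -> bool:
    """Prefix-only validation (assumed shape of the lab's check)."""
    return filename.startswith(BASE_DIR + "/")


def canonical_check(filename: str) -> bool:
    """Resolve the path first, then require it to stay inside BASE_DIR."""
    base = os.path.realpath(BASE_DIR)
    # realpath collapses ".." segments and follows symlinks, so the
    # comparison is made on the file that would really be opened.
    target = os.path.realpath(filename)
    inside = os.path.commonpath([base, target]) == base
    return inside and target != base


def evaluate(filename: str) -> dict:
    """Return both verdicts so the difference is visible side by side."""
    return {
        "filename": filename,
        "naive": naive_check(filename),
        "canonical": canonical_check(filename),
    }


# The two parameter values that appear in the walkthrough.
SAMPLES = [
    "/var/www/images/49.jpg",
    "/var/www/images/../../../etc/passwd",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(evaluate(sample))
```

The prefix check accepts both values, while the canonical check accepts only the image path, which is why validation must run on the resolved path and not on the raw parameter.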
You can learn everything related to web security on our website. We upload the latest articles on web security topics daily, so stay with us.
To continue studying, check out the next lab, i.e. File Path Traversal, Validation Of File Extension With Null Byte Bypass. Complete the current lab before moving on to the next one. Good luck!
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always good practice to use an up-to-date browser with timely updates. Keep your browser plugins up to date, avoid malicious websites and links, always enable 2-factor authentication, and guard against clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.