File path traversal, simple case

Let's access the image.

We can now intercept this request in Burp Suite using the Proxy.

As we can see, the name of the image file is passed in the filename parameter.

Now, we can forward the request to the Repeater to make changes to it.

Let's change the filename parameter to the following and forward the request:

../../../etc/passwd

We have successfully solved the challenge.
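
Why the modified filename parameter reaches /etc/passwd, and the server-side check that rejects it, shown as an added example that is not part of the original write-up or the lab's code. The base directory /var/www/images, the function names and the sample parameter values are assumptions made for illustration.

```python
import os

IMAGE_DIR = "/var/www/images"  # assumed base directory, not taken from the page


def resolve_naive(filename, base_dir=IMAGE_DIR):
    """Vulnerable pattern: the parameter is joined to the base directory unchecked."""
    return os.path.normpath(os.path.join(base_dir, filename))


def resolve_safe(filename, base_dir=IMAGE_DIR):
    """Canonicalise the path, then require that it is still inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole path components, so a sibling such as
    # /var/www/images-old is not mistaken for a child of /var/www/images
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"rejected filename parameter: {filename!r}")
    return candidate


def check(filename, base_dir=IMAGE_DIR):
    """Return (naive_result, safe_result or 'REJECTED') for one parameter value."""
    try:
        safe = resolve_safe(filename, base_dir)
    except PermissionError:
        safe = "REJECTED"
    return resolve_naive(filename, base_dir), safe


if __name__ == "__main__":
    # Constructed sample values for the filename parameter
    for value in ["21.jpg", "../../../etc/passwd", "/etc/passwd", "../images-old/1.jpg"]:
        naive, safe = check(value)
        print(f"{value!r:28} naive={naive:28} safe={safe}")
```

The check runs after canonicalisation, so absolute paths and symlinks that point outside the image directory are rejected along with the ../ sequence used above.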
