File path traversal, traversal sequences blocked with absolute path bypass

Let's check out the image URI.

We can intercept the request for this image in Burp Suite using the Proxy.

Let's forward the request to the Repeater so that we can modify it.

Once in the Repeater, set the filename parameter to the following and forward the request:

../../../etc/passwd

The server tells us that there is no such file. This is because the path in our URI is relative and is being stripped.

We can bypass this by using an absolute path as follows:

/etc/passwd

We have successfully solved the lab.
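
Why the absolute path gets through, and the check that closes the gap, as an added example that is not part of the lab or of this write-up. It assumes a Python backend that strips `../` and then joins the name onto an image directory; `BASE_DIR`, `resolve_weak` and `resolve_safe` are hypothetical names.

```python
import os

BASE_DIR = "/var/www/images"  # assumed image directory, not taken from the lab


def resolve_weak(filename: str) -> str:
    """Mimics the filter described above: strip traversal sequences, then join."""
    cleaned = filename.replace("../", "")
    # os.path.join discards BASE_DIR when the second argument is absolute,
    # so a filter that only looks for "../" never sees anything to remove.
    return os.path.join(BASE_DIR, cleaned)


def resolve_safe(filename: str) -> str:
    """Canonicalise first, then require the result to stay under BASE_DIR."""
    base = os.path.realpath(BASE_DIR)
    # realpath collapses "..", resolves symlinks and honours absolute input,
    # so the containment check runs on the path that would really be opened.
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes image directory: {filename!r}")
    return candidate


if __name__ == "__main__":
    # Constructed inputs: a normal image name plus the two values from the write-up.
    for name in ("cat.png", "../../../etc/passwd", "/etc/passwd"):
        weak = resolve_weak(name)
        try:
            safe = resolve_safe(name)
        except ValueError as exc:
            safe = f"rejected ({exc})"
        print(f"{name!r:24} weak -> {weak:32} safe -> {safe}")
```

The weak resolver maps the relative payload to a nonexistent file inside the image directory, which matches the "no such file" response, while the absolute path passes through unchanged.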
