File path traversal, traversal sequences stripped non-recursively
Last updated
Last updated
Let's access the image through the browser.
We can intercept this request in Burp Suite using the Proxy
.
Now, we can sent this intercepted request to the Repeater
to modify it.
Once in the Repeater
, we can set the filename
parameter to the following:
The server tells us that the file does not exist. This is because the ../
characters are being stripped from our parameter.
The problem is, the server does not strip the parameters recursively,
We can exploit it by setting the filename
parameter to the following:
Now, when the ../
characters are stripped it still leaves a set of ../
characters.
We have successfully solved the lab.
Original | Stripped |
---|---|
Original | Stripped |
---|---|
../../../etc/passwd
etc/passwd
....//....//....//etc/passwd
../../../etc/passwd