File path traversal, validation of start of path

Let's access the image through the browser.

We can now intercept this request in Burp Suite using the Proxy.

Next, send the intercepted request to the Repeater so we can make changes to it.

Let's change the filename parameter to the following and forward the request:

/etc/passwd

This is not accepted: the server requires the user-supplied filename to start with /var/www/images. Because the check only inspects the beginning of the string, we can satisfy it with the expected base folder and then use ../ segments to traverse back out of it:

/var/www/images/../../../etc/passwd

The response now contains the contents of /etc/passwd, and we have successfully solved the lab.
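To see why the start-of-path check fails and what a correct check looks like, here is an added example (not the lab's own server code). vulnerable_check() models the behaviour the lab describes, a bare string-prefix test; safe_check() is an assumed fix that canonicalises the path first and only then confirms it is still inside the image folder. The filenames in the demo are constructed inputs.

```python
import posixpath

IMAGE_ROOT = "/var/www/images"


def vulnerable_check(filename: str) -> bool:
    """Start-of-path validation as the lab describes it.

    Only the beginning of the raw string is examined, so "../" segments
    that appear after the trusted prefix are never looked at. The payload
    "/var/www/images/../../../etc/passwd" therefore passes.
    """
    return filename.startswith(IMAGE_ROOT)


def safe_check(filename: str):
    """Assumed hardened version (not the lab's code).

    1. Canonicalise the path lexically, collapsing "." and ".." segments.
    2. Require the result to be absolute.
    3. Require the canonical path to sit inside IMAGE_ROOT, comparing whole
       path components rather than a string prefix, so that
       "/var/www/images2/x.jpg" is rejected as well.

    Returns the canonical path on success, or None when the request must
    be refused. On a real server you would additionally resolve symlinks
    (os.path.realpath) before the containment check.
    """
    canonical = posixpath.normpath(filename)
    if not posixpath.isabs(canonical):
        return None
    if posixpath.commonpath([IMAGE_ROOT, canonical]) != IMAGE_ROOT:
        return None
    return canonical


def compare(filename: str) -> dict:
    """Run both checks on one filename so the difference is easy to see."""
    return {
        "filename": filename,
        "prefix_check_passes": vulnerable_check(filename),
        "canonical_path": safe_check(filename),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate image, the naive attempt,
    # the working traversal payload, and a prefix-collision case.
    samples = [
        "/var/www/images/cat.jpg",
        "/etc/passwd",
        "/var/www/images/../../../etc/passwd",
        "/var/www/images2/x.jpg",
    ]
    for name in samples:
        result = compare(name)
        verdict = "ALLOWED" if result["prefix_check_passes"] else "blocked"
        print(f"{name:45} prefix check: {verdict:8} "
              f"safe check: {result['canonical_path']}")
```

The third sample is the lab payload: the prefix check lets it through even though it canonicalises to /etc/passwd, while the containment check refuses it. The fourth sample shows a second weakness of raw prefix matching that the lab does not exercise, a sibling directory whose name merely begins with the trusted folder.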
