# File path traversal, validation of start of path
Let's access the image through the browser.
We can now intercept this request in Burp Suite using the `Proxy`.
Now, we can forward the request to the `Repeater` to makes changes in it.
Let's change the `filename` parameter to the following and forward the request:
```
/etc/passwd
```
The server requires the user-supplied filename to start with `/var/www/images`.
```
/var/www/images/../../../etc/passwd
```
We have successfully solved the lab.
