Path Traversal - NANDITHA90/PortSwigger-LABS GitHub Wiki

LAB - 1

File Path Traversal

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : ../../../etc/passwd

  • After Modification

Screenshot (592)

Screenshot (604)

SOLVED

LAB - 2

File Path Traversal, traversal sequences blocked with absolute path bypass

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • The application blocks traversal sequences but treats the supplied filename as being relative to a default working directory.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : /etc/passwd

  • After Modification

Screenshot (593)

Screenshot (603)

SOLVED

LAB - 3

File Path Traversal, traversal sequences stripped non-recursively

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • The application strips path traversal sequences from the user-supplied filename before using it.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : ....//....//....//etc/passwd

  • After Modification

Screenshot (594)

Screenshot (602)

SOLVED

LAB - 4

File Path Traversal, traversal sequences stripped with superfluous URL-decode

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before using it.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : ..%252f..%252f..%252fetc/passwd

  • After Modification

Screenshot (596)

Screenshot (601)

SOLVED

LAB - 5

File Path Traversal, validation of start of path

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : /var/www/images/../../../etc/passwd

  • After Modification

Screenshot (597)

Screenshot (600)

SOLVED

LAB - 6

File Path Traversal, validation of file extension with null byte bypass

  • About

    • This lab contains a path traversal vulnerability in the display of product images.
    • The application validates that the supplied filename ends with the expected file extension.
    • To solve the lab, retrieve the contents of the /etc/passwd file.

(a) Intercept

  • Use Burp Suite to intercept and modify a request that fetches a product image.

(b) Modify

  • Modify : ../../../etc/passwd%00.png

  • After Modification

image

image

SOLVED