PHP

Basic Path Traversal


Basic path traversal

Find a way to escape the /tmp/files/notes directory and access arbitrary files on the vulnerable application!

Goal

Capture the flag! The flag can be found in the file: /tmp/secret/flag.txt

Hints

Hint #1

Try using the dot-dot-slash technique!

Solution

The program relies entirely on the specified file name given by the user, making it vulnerable to a path traversal. The attacker can use a dot-dot-slash technique to escape the intended folder structure and access the flag file stored in the secret folder.

Payload:

../../secret/flag.txt
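
The flaw described in the solution next to its fix, as an added example that is not the lab's own code. The lab's handler is not shown on the page, so `read_note_vulnerable` is an assumed reconstruction of it; `resolve_note` and the temporary sandbox (which mirrors the lab's `files/notes` and `secret/flag.txt` layout) are hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);  // PHP 8+ (str_contains, str_starts_with)

// Vulnerable pattern (assumed): the user-supplied name is appended to the base directory as-is.
function read_note_vulnerable(string $baseDir, string $name): string|false
{
    return @file_get_contents($baseDir . '/' . $name);
}

// Hardened: canonicalise first, then require the result to stay under the base directory.
function resolve_note(string $baseDir, string $name): ?string
{
    if ($name === '' || str_contains($name, "\0")) {
        return null;                       // reject empty names and NUL bytes
    }
    $base = realpath($baseDir);
    $real = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false) {
        return null;                       // base or target does not exist
    }
    // Trailing separator stops a sibling such as ".../notes_old" from matching the prefix.
    if (!str_starts_with($real, $base . DIRECTORY_SEPARATOR) || !is_file($real)) {
        return null;
    }
    return $real;
}

// Constructed sandbox mirroring the lab layout (files/notes and secret/flag.txt).
$root = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files/notes", 0700, true);
mkdir("$root/secret", 0700, true);
file_put_contents("$root/files/notes/todo.txt", "buy milk\n");
file_put_contents("$root/secret/flag.txt", "FLAG{constructed-sample}\n");
$notes = "$root/files/notes";

foreach (['todo.txt', '../../secret/flag.txt'] as $name) {
    $leak = read_note_vulnerable($notes, $name);
    $safe = resolve_note($notes, $name);
    printf("%-24s vulnerable=%s hardened=%s\n", $name,
        $leak === false ? 'no read' : 'read ' . strlen($leak) . ' bytes',
        $safe === null ? 'rejected' : 'allowed');
}
```

Because `realpath()` resolves `..` segments and symlinks before the prefix comparison, the check is made on the path the filesystem will actually open rather than on the string the user supplied.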