Python Pitfalls - joinpath

Python's `pathlib.PurePath.joinpath` works much like `os.path.join`: it concatenates the path segments passed as arguments. However, if any of those arguments is itself an absolute path, for example `/etc/passwd` on a Linux system, that argument discards every segment that came before it and becomes the new absolute path.
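The behaviour described above, next to a hardened join, as an added example that is not code from the original page. `BASE_DIR`, `naive_join`, `safe_join` and `is_allowed` are hypothetical names chosen here, and the containment check goes slightly beyond the absolute-path case by also rejecting `..` segments that leave the base directory.

```python
import posixpath
from pathlib import PurePosixPath

# Hypothetical base directory for this example (not from the original page).
BASE_DIR = PurePosixPath("/var/www/uploads")


def naive_join(user_path: str) -> PurePosixPath:
    """Vulnerable pattern: untrusted input is joined straight onto the base."""
    return BASE_DIR.joinpath(user_path)


def safe_join(user_path: str) -> PurePosixPath:
    """Join, normalise lexically, then require the result to stay under BASE_DIR."""
    joined = BASE_DIR.joinpath(user_path)
    # normpath collapses "." and ".." segments; it does not resolve symlinks,
    # so code that touches a real filesystem should use Path.resolve() instead.
    candidate = PurePosixPath(posixpath.normpath(str(joined)))
    try:
        # relative_to() compares whole path components, so a sibling such as
        # /var/www/uploads_old is not mistaken for a child of BASE_DIR.
        candidate.relative_to(BASE_DIR)
    except ValueError:
        raise ValueError(f"path escapes {BASE_DIR}: {user_path!r}") from None
    return candidate


def is_allowed(user_path: str) -> bool:
    """True when safe_join() accepts the input."""
    try:
        safe_join(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("report.txt", "/etc/passwd", "docs/../report.txt"):
        print(f"{sample!r:22} naive={naive_join(sample)} allowed={is_allowed(sample)}")
```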

Example of vulnerable code:

An attacker can use the following attack technique to exploit this path traversal (CWE-22) vulnerability.

Now that you know how you can use this technique to your advantage, you can test your practical skills in the official lab below.