Lab: File path traversal, simple case - Unable to complete the lab exercise
I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions however I am unable to retrieve the contents of /etc/passwd file. I followed the steps provided in the solution as well still I am unable to traverse the file path. Please help in completing this lab exercise. Thanks
The Solution works for us. Make sure you’re using the payload in the correct parameter.
I am modifying the web parameter as below
GET /image?filename=../../../etc/passwd HTTP/1.1
I am getting the output as "The image https://acf41f9d1e442cdc80c036d900eb0087.web-security-academy.net/image?filename=31.jpg cannot be displayed because it contains errors."
Instead of getting the contents of the passwd file I am receiving the above error message. Please let me know if I am doing anything incorrectly.
Are you using Burp to submit the payload?
The lab worked for us in our testing. We’ll check through it again when we get a chance and let you know if we can reproduce your issue.