Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Lab: File path traversal, simple case - Unable to complete the lab exercise

Manzoor Mustafa Jul 15, 2019 07:32AM UTC

Hi
I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions however I am unable to retrieve the contents of /etc/passwd file. I followed the steps provided in the solution as well still I am unable to traverse the file path. Please help in completing this lab exercise. Thanks


Liam Tai-Hogan Jul 16, 2019 11:05AM UTC Support Center agent

The Solution works for us. Make sure you’re using the payload in the correct parameter.


Manzoor Mustafa Jul 16, 2019 12:11PM UTC
Hi
I am modifying the web parameter as below
GET /image?filename=../../../etc/passwd HTTP/1.1
I am getting the output as "The image https://acf41f9d1e442cdc80c036d900eb0087.web-security-academy.net/image?filename=31.jpg cannot be displayed because it contains errors."

Instead of getting the contents of the passwd file I am receiving the above error message. Please let me know if I am doing anything incorrectly.
Thanks

Liam Tai-Hogan Jul 18, 2019 11:01AM UTC Support Center agent

Are you using Burp to submit the payload?


Manzoor Mustafa Jul 19, 2019 06:44AM UTC
Yes I am using Burp to submit the payload.

Liam Tai-Hogan Jul 22, 2019 09:58AM UTC Support Center agent

The lab worked for us in our testing. We’ll check through it again when we get a chance and let you know if we can reproduce your issue.


Post Your public answer

Your name
Your email address
Answer