Burp Suite User Forum

Lab: File path traversal, simple case - Unable to complete the lab exercise

Manzoor | Last updated: Jul 15, 2019 07:32AM UTC

Hi, I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions; however, I am unable to retrieve the contents of the /etc/passwd file. I followed the steps provided in the solution as well, but I am still unable to traverse the file path. Please help me complete this lab exercise. Thanks

Liam, PortSwigger Agent | Last updated: Jul 16, 2019 10:54AM UTC

The Solution works for us. Make sure you're using the payload in the correct parameter.

Burp User | Last updated: Jul 16, 2019 12:11PM UTC

Hi, I am modifying the web parameter as below:

GET /image?filename=../../../etc/passwd HTTP/1.1

I am getting the output as "The image https://acf41f9d1e442cdc80c036d900eb0087.web-security-academy.net/image?filename=31.jpg cannot be displayed because it contains errors." Instead of getting the contents of the passwd file, I am receiving the above error message. Please let me know if I am doing anything incorrectly. Thanks

Liam, PortSwigger Agent | Last updated: Jul 16, 2019 02:59PM UTC

Are you using Burp to submit the payload?

Burp User | Last updated: Jul 19, 2019 06:44AM UTC

Yes I am using Burp to submit the payload.

Liam, PortSwigger Agent | Last updated: Jul 22, 2019 09:58AM UTC

The lab worked for us in our testing. We'll check through it again when we get a chance and let you know if we can reproduce your issue.

Mukesh | Last updated: Dec 07, 2022 11:57AM UTC

I am also facing the same issue... Please check and confirm. Thanks

Ben, PortSwigger Agent | Last updated: Dec 07, 2022 05:51PM UTC

Hi Mukesh, I can solve the lab using the solution provided so it does appear to be working as expected. Are you able to provide us with any details of the request that you are sending to try and solve the lab so that we can take a look at this for you?