Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-21 19:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Create Lab4.md

Browse source
This commit is contained in:
ARZ 2021-10-29 16:38:16 +05:00 committed by GitHub
parent 3787b6cc8f
commit 4d9d5fc6c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
Portswigger/Directory Traversal/Lab4.md Normal file
View file

@ -0,0 +1,29 @@
# Portswigger Directory Traversal Lab-4
## File path traversal, traversal sequences stripped with superfluous URL-decode
In this lab we have to perform LFI to read `passwd` file but this time those traversal sequences are removed from the url
<img src="https://i.imgur.com/uAfHXRO.png"/>
We follow the same the url where there's a GET parameter `image` that is loading the image file
<img src="https://i.imgur.com/axLX9Cb.png"/>
If we try to do `../` or `.././` it will not work
<img src="https://i.imgur.com/C6lwqJ2.png"/>
So let's try to url encode `../` and see if this works
<img src="https://i.imgur.com/2TnqUY7.png"/>
<imgs src="https://i.imgur.com/Q0KQkKB.png"/>
This didn't work so let's url encode it again and make it double url encoded
<img src="https://i.imgur.com/kwLTxyZ.png"/>
<img src="https://i.imgur.com/jNaHduM.png"/>
<img src="https://i.imgur.com/eq6YwRO.png"/>