From 4d9d5fc6c3a8d63b47467ade862c68100c1bce9f Mon Sep 17 00:00:00 2001 From: ARZ <60057481+AbdullahRizwan101@users.noreply.github.com> Date: Fri, 29 Oct 2021 16:38:16 +0500 Subject: [PATCH] Create Lab4.md --- Portswigger/Directory Traversal/Lab4.md | 29 +++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Portswigger/Directory Traversal/Lab4.md diff --git a/Portswigger/Directory Traversal/Lab4.md b/Portswigger/Directory Traversal/Lab4.md new file mode 100644 index 0000000..63fe5ef --- /dev/null +++ b/Portswigger/Directory Traversal/Lab4.md @@ -0,0 +1,29 @@ +# Portswigger Directory Traversal Lab-4 + +## File path traversal, traversal sequences stripped with superfluous URL-decode + +In this lab we have to perform LFI to read `passwd` file but this time those traversal sequences are removed from the url + + + +We follow the same the url where there's a GET parameter `image` that is loading the image file + + + +If we try to do `../` or `.././` it will not work + + + +So let's try to url encode `../` and see if this works + + + + + +This didn't work so let's url encode it again and make it double url encoded + + + + + +
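Review bot: The write-up stops at its last added line, "This didn't work so let's url encode it again and make it double url encoded", without saying whether the double-encoded request succeeded or why, so the "superfluous URL-decode" in the heading is never explained. Suggest a closing paragraph that states the outcome and the root cause the heading implies (the value is URL-decoded again after the traversal sequences have been stripped), and the fix a reader should take away: decode the input fully first, then validate the canonical path against the image directory. Two smaller points: the intro says "LFI" while the title and heading say directory / file path traversal, so pick one term; and "We follow the same the url" has a duplicated "the". The runs of empty added lines after each step look like places where screenshots were meant to go, but the file contains no image references.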