From b1cf0856b0b96fe347eaa54ca2d83049a8d89e7c Mon Sep 17 00:00:00 2001
From: ARZ <60057481+AbdullahRizwan101@users.noreply.github.com>
Date: Fri, 29 Oct 2021 16:37:47 +0500
Subject: [PATCH] Create Lab1-2.md
---
Portswigger/Directory Traversal/Lab1-2.md | 38 +++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 Portswigger/Directory Traversal/Lab1-2.md
diff --git a/Portswigger/Directory Traversal/Lab1-2.md b/Portswigger/Directory Traversal/Lab1-2.md
new file mode 100644
index 0000000..12f89d2
--- /dev/null
+++ b/Portswigger/Directory Traversal/Lab1-2.md
@@ -0,0 +1,38 @@
+# Portswigger Directory Traversal Lab-1 & 2
+
+## File path traversal, simple case
+
+This lab is about performing directory traversal or Local File inclusion which means that we can view files on the server. So we have to read `passwd` file through `image` parameter in order to complete the lab
+
+
+
+We are given this web page and we can see some images being loaded , so by looking at the source we can see how they are being retrieved
+
+
+
+Here there's a GET parameter named `image` which is getting the image file , we can try to request `/etc/passwd` file
+
+
+
+
+But it says `No such file` , we are in images directory and we need to go up a directory till we can we reach the root `/` directory and request the file `/etc/passwd`
+
+
+
+This gives an error but it's different , it can't view the file because it's expecting an image so let's just download it and see if we actually grabbed the passwd file
+
+
+
+## File path traversal, traversal sequences blocked with absolute path bypass
+
+This lab is somewhat similar to the previous one but we can request a file using it's absolute path i.e `/etc/passwd` .
+
+
+
+The web page is the same so we need to abuse the same GET parameter
+
+
+
+This gives us the error meaning that we are sucessful in requesting the file
+
+