mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-22 03:53:03 +00:00
Create Lab1-2.md
This commit is contained in:
parent
5004f771bc
commit
b1cf0856b0
1 changed files with 38 additions and 0 deletions
38
Portswigger/Directory Traversal/Lab1-2.md
Normal file
38
Portswigger/Directory Traversal/Lab1-2.md
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# Portswigger Directory Traversal Lab-1 & 2
|
||||||
|
|
||||||
|
## File path traversal, simple case
|
||||||
|
|
||||||
|
This lab is about performing directory traversal or Local File inclusion which means that we can view files on the server. So we have to read `passwd` file through `image` parameter in order to complete the lab
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/KN3om6p.png"?>
|
||||||
|
|
||||||
|
We are given this web page and we can see some images being loaded , so by looking at the source we can see how they are being retrieved
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/NBAXNbA.png"/>
|
||||||
|
|
||||||
|
Here there's a GET parameter named `image` which is getting the image file , we can try to request `/etc/passwd` file
|
||||||
|
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/1nzvVDF.png"/>
|
||||||
|
|
||||||
|
But it says `No such file` , we are in images directory and we need to go up a directory till we can we reach the root `/` directory and request the file `/etc/passwd`
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/78y7xL0.png"/>
|
||||||
|
|
||||||
|
This gives an error but it's different , it can't view the file because it's expecting an image so let's just download it and see if we actually grabbed the passwd file
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/dbbZ2I6.png"/>
|
||||||
|
|
||||||
|
## File path traversal, traversal sequences blocked with absolute path bypass
|
||||||
|
|
||||||
|
This lab is somewhat similar to the previous one but we can request a file using it's absolute path i.e `/etc/passwd` .
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/hkycXNO.png"/>
|
||||||
|
|
||||||
|
The web page is the same so we need to abuse the same GET parameter
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/kkIputd.png"/>
|
||||||
|
|
||||||
|
This gives us the error meaning that we are sucessful in requesting the file
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/21LfZzI.png"/>
|
Loading…
Reference in a new issue