.png)
8 hours ago
8 BOOK THIS SPACE FOR AD
ARTICLE AD
Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. This might include:
Application code and data.Credentials for back-end systems.Sensitive operating system files.Lab description:
This lab contains a path traversal vulnerability in the display of product images. The application blocks traversal sequences but treats the supplied filename as being relative to a default working directory.
To solve the lab, retrieve the contents of the /etc/passwd file.
Steps:
Let’s Access the lab and Opening any product.
Let’s try to find the filename in the application to get access to the path traversal vulnerability. If we open the product image in new tab then we notice the filename here.
Now, Start the Burp and intercept requests. Let’s send it to the Repeater and then drop this request. Then we change the value of the “filename” parameter to a path that leads to “/etc/passwd” and click “Send”.
As a result, the response will display basic information about the users registered in the system. Finally, we completed the lab.
Happy Learning…..!
Bengali (Bangladesh) · 
English (United States) ·