Practitioner Lab 2: File path traversal, traversal sequences stripped non-recursively

 This lab contains a path traversal vulnerability in the display of product images.

The application strips path traversal sequences from the user-supplied filename before using it.

To solve the lab, retrieve the contents of the /etc/passwd file.



The first thing I do is look at the website and how it is working

I see a lot of images so I can use Burp Suite to look at where are all these images coming from



Here I can see the request for all these images

I will try to change it for another file name to see if I can get it

I know it is stripped so I will probably have to use // of them to get it to work.



When I try to use the absolute path it doesn’t work because it it stripped.

Now I will use the double to see how it works



It took me a while but I figured out how it worked. This way it works when it is filtered.



Comments

Post a Comment

Popular posts from this blog

Vulnerability Management(Nessus)

Image
Welcome to the vulnerability management lab! In this lab, I will be using Nessus to identify and prioritize vulnerabilities within the Virtual machine. Nessus is a powerful vulnerability scanner that allows us to scan our network and systems for known vulnerabilities, misconfigurations, and other weaknesses that could potentially be exploited by malicious actors.  In this lab, I set up Nessus Essentials, installed Windows 10 inside a virtual machine using VMware Workstation Player, added some outdated software, and performed vulnerability checks on the virtual machine to look for any potential security flaws. Later, I make an effort to fix some of the flaws. I first start by downloading, Vmware Workstation, a windows 10 iso and Nessus. It is crucial to set the network adapter to bridged while constructing the Windows virtual machine. It connects the virtual machine to the physical computer's network so that Nessus can communicate with the virtual machine effortlessly. After complet...
Read more

Active Directory Home Lab

Image
In this lab, I'll be utilizing Oracle VirtualBox to run an active directory. I'm undertaking this lab to learn more about Windows networking and how Active Directory functions. Installing VirtualBox will be the first step in getting the virtual machines up and running. I'll next install Windows 10 and Windows Server 2019 isos, which I'll use to set up two different virtual machines with two different operating systems. The domain controller, which will host the active directory, will be the first virtual machine. I'm going to give this virtual machine two network adapters, one for connecting to the public internet and the other for connecting to VirtualBox, which will act as a sort of virtual private network for the clients   After creating the virtual machine, I'll install Server 2019 on it and then assign it an IP address for the internal network. The external network will automatically obtain IP addresses from the home network. I can tell if the adapter is ...
Read more

Lab 2 Access Controls

Image
  Like usual I start by opening the page and seeing what it has to offer in terms of any vulnerabilities. I then go to robots.txt because it often has information about admin pages that could be found. If it not found there then I would probably try to brute force the admin pages. In the robots.txt I found that they don’t want crawlers on the /administrator-panel. This is an admin panel that a normal user might not have access to. But it is always good to try in case the website doesn’t have any verification or security when it comes to accessing unauthorized pages. The page is not checking to see if I am authorized to access the page as such it gives me full admin access right away. I then deleted the user without ever having to sign in or have any type of admin authorization.
Read more