Apr 3, 2023
File path traversal, simple case
the initial step is to examine how the website functions. It is an e-commerce website that features a number of interesting products. It is advisable to read the product descriptions, even though it does not help with the lab.
Start by using /etc/passwd as the filename and adding some ../ to the beginning. It results in a “No such file” error with ../../etc/passwd, but once I go up three levels, this changes:
Mohammed Tiba