Burp Suite User Forum

Login to post

Lab: File path traversal, simple case - Unable to complete the lab exercise

Manzoor | Last updated: Jul 15, 2019 07:32AM UTC

Hi I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions however I am unable to retrieve the contents of /etc/passwd file. I followed the steps provided in the solution as well still I am unable to traverse the file path. Please help in completing this lab exercise. Thanks

Liam, PortSwigger Agent | Last updated: Jul 16, 2019 10:54AM UTC

The Solution works for us. Make sure you're using the payload in the correct parameter.

Burp User | Last updated: Jul 16, 2019 12:11PM UTC

Hi I am modifying the web parameter as below GET /image?filename=../../../etc/passwd HTTP/1.1 I am getting the output as "The image https://acf41f9d1e442cdc80c036d900eb0087.web-security-academy.net/image?filename=31.jpg cannot be displayed because it contains errors." Instead of getting the contents of the passwd file I am receiving the above error message. Please let me know if I am doing anything incorrectly. Thanks

Liam, PortSwigger Agent | Last updated: Jul 16, 2019 02:59PM UTC

Are you using Burp to submit the payload?

Burp User | Last updated: Jul 19, 2019 06:44AM UTC

Yes I am using Burp to submit the payload.

Liam, PortSwigger Agent | Last updated: Jul 22, 2019 09:58AM UTC

The lab worked for us in our testing. We'll check through it again when we get a chance and let you know if we can reproduce your issue.

You need to Log in to post a reply. Or register here, for free.