Blog: Difference between revisions

Web administartor is building a new blog to document web development related news and events.

Website is still under construction but some security has been implemented.

50pts

Use the weakness in the web application to read a secret file at /var/backup/secret.txt

The webpage uses the same solution as before, i.e. it retrieves the content of the webpage from the file. However, when I tried the previous task of moving from one ../ folder to another, a "security" was created for that page which disables that command.

I was looking for common other ways to move from one folder to another and found the following webpage, which lists very well the different types of attacks.

https://book.hacktricks.xyz/pentesting-web/file-inclusion

I tried the following commands

\..\..
..%252f..%252f..%252f..
./..//
....//....//

At some point I noticed, when I tried the ....//....// command, that the check only removes the ../ text once, but in this case when there were more characters it left just the right number of characters.

At some point I noticed, when I tried the ....//....// command, that the check only removes the ../ text once, but in this case when there were more characters it left just the right number of characters.

By taking advantage of this, I was able to open up the right file. ....//....//....//var/backup/secret.txt

• Browser
• Common path traversal - https://book.hacktricks.xyz/pentesting-web/file-inclusion

ctftech{hello-world}}

• Back to CTF Challenges page