Labs / Path Traversal

Challenge
Released 18 Jul 2025

Path Traversal

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

1

Flags

1

Points

Challenge

Solution Available

Free Access

Start Lab Environment

Launch your dedicated AWS machine to begin hacking

~1-2 min setup

AWS dedicated

Private instance

Industry standard

Challenge

Path Traversal - Complete Solution Walkthrough

Step 1: Understand the Vulnerability

The challenge runs a vulnerable CGI script that allows file access
The script takes a file parameter without proper validation
Path traversal sequences like ../ are not filtered
This allows access to files outside the web root directory

Step 2: Identify the Attack Vector

Access the web server at the target URL
Navigate to the File Viewer: /vulnerable.cgi
The vulnerable endpoint is: /vulnerable.cgi?file=
This CGI script allows file access without proper validation

Step 3: Craft the Path Traversal Payload

Use the following payload: ?file=../../../../flag.txt
The script concatenates the file parameter to: /usr/local/apache2/htdocs/
This results in: /usr/local/apache2/htdocs/../../../../flag.txt
Which resolves to: /flag.txt in the container root

Step 4: Execute the Attack

Send a request to: http://target/vulnerable.cgi?file=../../../../flag.txt
The CGI script will process the path traversal
This will access the flag file outside the web root
The flag is: 7a9b8c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d

Step 5: Alternative Exploitation Methods

Try different path traversal sequences: ../../../flag.txt, ../../flag.txt
URL encode the payload: %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt
Explore other files: ?file=../../../../etc/passwd
Test different directory levels to find the correct path

Security Implications

Input Validation: Always validate and sanitize file paths, especially in CGI scripts.
Path Traversal: Common vulnerability that allows unauthorized file access.
CGI Security: CGI scripts must be carefully secured to prevent exploitation.
File Access Control: Implement proper access controls to prevent unauthorized file reading.
Defense in Depth: Use multiple layers of security to prevent path traversal attacks.
Code Review: Regular security audits can catch such vulnerabilities before deployment.

Path Traversal

Challenge 1 points

Writeup Guidelines

Share your solution approach, methodology, and insights. Your writeup will be reviewed before being published to the community. Earn +1 bonus point when your writeup is approved!

Requirements:

No flag content: Do not reveal actual flag values or passwords in your writeup
Include lab link: Your writeup must contain a direct link to this lab for reference
Educational focus: Explain your methodology, tools used, and learning insights

Writeup URL *

Link to your blog post, GitHub repository, or any platform where you've published your writeup
Remember to include this lab's URL in your writeup: https://hackerdna.com/labs/path-traversal

Language *

Help others find writeups in their preferred language

Confirmation Required

I confirm that my writeup includes a direct link to this lab

Your writeup must reference this lab's URL: https://hackerdna.com/labs/path-traversal

I confirm that my writeup does NOT contain flag content or critical information

Do not include actual flags, passwords, or other sensitive information that would spoil the challenge