
  • Daily Challenge
  • Released 18 Jul 2025

Path Traversal - Complete Solution Walkthrough

Step 1: Understand the Vulnerability

  1. The challenge runs a vulnerable CGI script that allows file access
  2. The script takes a file parameter without proper validation
  3. Path traversal sequences like ../ are not filtered
  4. This allows access to files outside the web root directory

Step 2: Identify the Attack Vector

  1. Access the web server at the target URL
  2. Navigate to the File Viewer: /vulnerable.cgi
  3. The vulnerable endpoint is: /vulnerable.cgi?file=
  4. This CGI script allows file access without proper validation

Step 3: Craft the Path Traversal Payload

  1. Use the following payload: ?file=../../../../flag.txt
  2. The script appends the file parameter to the base path: /usr/local/apache2/htdocs/
  3. This results in: /usr/local/apache2/htdocs/../../../../flag.txt
  4. Which resolves to: /flag.txt in the container root

Step 4: Execute the Attack

  1. Send a request to: http://target/vulnerable.cgi?file=../../../../flag.txt
  2. The CGI script will process the path traversal
  3. This will access the flag file outside the web root
  4. The flag is: 7a9b8c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d

Step 5: Alternative Exploitation Methods

  1. Try different path traversal sequences: ../../../flag.txt, ../../flag.txt
  2. URL encode the payload: %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt
  3. Explore other files: ?file=../../../../etc/passwd
  4. Test different directory levels to find the correct path

Security Implications

  • Input Validation: Always validate and sanitize file paths, especially in CGI scripts.
  • Path Traversal: Common vulnerability that allows unauthorized file access.
  • CGI Security: CGI scripts must be carefully secured to prevent exploitation.
  • File Access Control: Implement proper access controls to prevent unauthorized file reading.
  • Defense in Depth: Use multiple layers of security to prevent path traversal attacks.
  • Code Review: Regular security audits can catch such vulnerabilities before deployment.
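The input-validation point above, as an added example that is not the lab's own code: a resolver that canonicalizes the requested path and serves it only if it stays under the web root, shown beside the plain concatenation the walkthrough describes. Python is an assumption (the page does not say what language the CGI script uses), the function names are hypothetical, and the directory tree is constructed in a temporary folder on a POSIX system.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_path(web_root, file_param):
    # The behaviour the walkthrough describes: append the parameter, no checks.
    return os.path.normpath(web_root + "/" + file_param)


def safe_resolve(web_root, file_param):
    """Return the canonical file path if it stays inside web_root, else None."""
    if "\x00" in file_param:
        return None
    root = os.path.realpath(web_root)
    # realpath collapses ../ and follows symlinks, so the containment check
    # below sees the path the operating system would actually open.
    candidate = os.path.realpath(os.path.join(root, file_param))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed tree (flag.txt beside htdocs/) and run both resolvers."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "htdocs")
    os.mkdir(root)
    for path in (os.path.join(base, "flag.txt"), os.path.join(root, "index.html")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    encoded = "%2e%2e%2fflag.txt"  # decoded once, as a query-string parser would
    return {
        "naive_escapes": naive_path(root, "../flag.txt") == os.path.join(base, "flag.txt"),
        "traversal": safe_resolve(root, "../flag.txt"),
        "deep_traversal": safe_resolve(root, "../../../../flag.txt"),
        "encoded": safe_resolve(root, unquote(encoded)),
        "absolute": safe_resolve(root, "/etc/passwd"),
        "legit": safe_resolve(root, "index.html") == os.path.join(root, "index.html"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The containment check runs on the decoded, canonical path, so filtering the literal string `../` is not needed and would not be sufficient on its own.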