This simple file viewer uses direct string concatenation to build file paths, creating the perfect opportunity for directory traversal attacks. 📁 Directory traversal is a fundamental web vulnerability that allows attackers to access files outside the intended directory, potentially exposing sensitive system files and configuration data. The application trusts user input without validation - a classic mistake that opens the door to file system exploitation! 🎯
You've discovered a simple file viewer application that allows users to view text files from a specific directory. The application uses direct string concatenation to build file paths, creating a classic directory traversal vulnerability. The system flag is stored in a file outside the intended directory.
Investigate the file viewing functionality, identify how user input is processed in file paths, use directory traversal techniques to access files outside the intended directory, and retrieve the flag from the system. The goal is to understand this fundamental web vulnerability through hands-on exploitation.
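As an added example (not the challenge application's code, whose language and layout are not shown on this page), the Python sketch below puts the concatenation pattern described above beside a containment check a defender would apply. All function names, file names and the temporary directory are assumptions constructed for illustration.

```python
import os
import tempfile

def build_path_unsafe(base_dir, name):
    # Pattern described above: user input concatenated straight onto the base.
    return base_dir + "/" + name

def escapes_base(base_dir, path):
    # True when the fully resolved path lands outside base_dir.
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base

def resolve_safe(base_dir, name):
    """Return the resolved path of name inside base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison;
    # os.path.join drops base for an absolute name, which the check also catches.
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath compares whole components, so "/srv/files_old" is not
    # mistaken for a child of "/srv/files" as a plain startswith() would.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("requested file is outside the served directory")
    return candidate

def demo():
    """Map each constructed request to (unsafe path escapes?, safe verdict)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "files")
        os.mkdir(base)
        outside = os.path.join(root, "outside.txt")
        for path, text in ((os.path.join(base, "readme.txt"), "public"),
                           (outside, "not meant to be served")):
            with open(path, "w") as fh:
                fh.write(text)
        # A symlink inside the served directory that points out of it.
        os.symlink(outside, os.path.join(base, "link.txt"))
        for name in ("readme.txt", "../outside.txt", "link.txt"):
            unsafe = escapes_base(base, build_path_unsafe(base, name))
            try:
                resolve_safe(base, name)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[name] = (unsafe, verdict)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The check runs on the resolved path rather than on the raw input string, so it does not depend on filtering particular character sequences.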