Labs / Simple Directory Traversal

  • Daily Challenge
  • Released 29 Sep 2025

📁 Can you escape the directory and access restricted files?

This simple file viewer uses direct string concatenation to build file paths, creating the perfect opportunity for directory traversal attacks. 📁 Directory traversal is a fundamental web vulnerability that allows attackers to access files outside the intended directory, potentially exposing sensitive system files and configuration data. The application trusts user input without validation - a classic mistake that opens the door to file system exploitation! 🎯

  • Flags: 1
  • Points: 1

📁 Simple Directory Traversal

Challenge Overview: Explore a basic file viewer application that has a classic directory traversal vulnerability. This vulnerability occurs when user input is directly used to construct file paths without proper validation, allowing attackers to access files outside the intended directory.

🎯 Learning Objectives
  • 📁 Directory Traversal: Understand how path manipulation can access restricted files
  • 🔍 Path Injection: Learn how to use ../ sequences to traverse directories
  • 🗂️ File System Exploitation: Master techniques for accessing sensitive system files
  • 🚀 Input Validation: Exploit fundamental file path validation flaws

🏢 Scenario

You've discovered a simple file viewer application that allows users to view text files from a specific directory. The application uses direct string concatenation to build file paths, creating a classic directory traversal vulnerability. The system flag is stored in a file outside the intended directory.
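
The concatenation pattern described above, set beside a hardened resolver, as an added example that is not the lab's own code. Python, the function names and the temporary directory layout are assumptions, since the page does not show the application's source.

```python
import os
import tempfile

def build_path_concat(base_dir: str, user_name: str) -> str:
    """The pattern the lab describes: base directory + raw user input."""
    return base_dir + "/" + user_name

def resolve_inside(base_dir: str, user_name: str) -> str:
    """Hardened form: canonicalise, then require the result to stay under base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ segments and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes base directory: {user_name!r}")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(user_name)
    return candidate

def demo() -> dict:
    """Build a constructed directory tree and compare both behaviours."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        files_dir = os.path.join(root, "files")  # intended viewing directory
        os.mkdir(files_dir)
        with open(os.path.join(files_dir, "readme.txt"), "w") as f:
            f.write("public")
        secret = os.path.join(root, "secret.txt")  # sits outside files_dir
        with open(secret, "w") as f:
            f.write("restricted")
        results = {}
        # Concatenation: once normalised, the path lands outside files_dir
        escaped = os.path.realpath(build_path_concat(files_dir, "../secret.txt"))
        results["concat_escapes"] = not escaped.startswith(files_dir + os.sep)
        with open(resolve_inside(files_dir, "readme.txt")) as f:
            results["safe_read"] = f.read()
        rejected = []
        # Relative, absolute and nested inputs that all resolve outside files_dir
        for name in ("../secret.txt", secret, "sub/../../secret.txt"):
            try:
                resolve_inside(files_dir, name)
            except PermissionError:
                rejected.append(name)
        results["rejected"] = rejected
        return results

if __name__ == "__main__":
    print(demo())
```

The check runs on the canonical path, so an absolute path or a symlink pointing outside the directory is rejected the same way as a `../` sequence.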

🔍 Your Mission

Investigate the file viewing functionality, identify how user input is processed in file paths, use directory traversal techniques to access files outside the intended directory, and retrieve the flag from the system. The goal is to understand this fundamental web vulnerability through hands-on exploitation.

First Blood 🩸
Malekith