Simple Directory Traversal

📁 Can you escape the directory and access restricted files?

Challenge 23 Nov 2025 Pro Exclusive Solution (Pro)

This simple file viewer uses direct string concatenation to build file paths, creating the perfect opportunity for directory traversal attacks. 📁 Directory traversal is a fundamental web vulnerability that allows attackers to access files outside the intended directory, potentially exposing sensitive system files and configuration data. The application trusts user input without validation - a classic mistake that opens the door to file system exploitation! 🎯

1

Flags

5

Points

70%

Success Rate

Start Your Challenge

~1-2 min setup

Dedicated server

Private instance

Industry standard

Stuck? Get the Solution

Stop wasting hours. Get the official step-by-step walkthrough and learn the right techniques.

All solutions Learning Mode Unlimited hints Archived labs

Unlock with Pro

Simple Directory Traversal

Challenge 5 points

Writeup Guidelines

Share your solution approach, methodology, and insights. Your writeup will be reviewed before being published to the community. Earn +5 bonus points when your writeup is approved!

Requirements:

No flag content: Do not reveal actual flag values or passwords in your writeup
Include lab link: Your writeup must contain a direct link to this lab for reference
Educational focus: Explain your methodology, tools used, and learning insights

Writeup URL *

Link to your blog post, GitHub repository, or any platform where you've published your writeup
Remember to include this lab's URL in your writeup: https://hackerdna.com/labs/simple-directory-traversal

Language *

Help others find writeups in their preferred language

Confirmation Required

I confirm that my writeup includes a direct link to this lab

Your writeup must reference this lab's URL: https://hackerdna.com/labs/simple-directory-traversal

I confirm that my writeup does NOT contain flag content or critical information

Do not include actual flags, passwords, or other sensitive information that would spoil the challenge