Labs Covered
This write-up focuses on the following APPRENTICE-level lab from the PortSwigger Web Security Academy:
1. File path traversal, simple case
This lab demonstrates how attackers can exploit insufficient validation of user-supplied file paths to read arbitrary files on the server.
LAB 1 - File path traversal, simple case
Lab Description:
Overview:
Solution:
When we load the page, we see several items with their images; for each image, a request is made to retrieve the file from the server.
The captured request looks like this:
To retrieve /etc/passwd:
GET /image?filename=../../../etc/passwd
And the lab is solved.
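The root cause is that the `filename` parameter is joined onto the image directory without checking where the resulting path ends up. As an added example (not part of the lab or this write-up), the Python below shows the check the `/image` handler is missing and reuses it to flag traversal attempts in constructed access-log lines; the image directory `/var/www/images` and the log format are assumptions.

```python
import posixpath
from pathlib import PurePosixPath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumed directory the /image endpoint serves from (constructed for this example).
IMAGE_ROOT = PurePosixPath("/var/www/images")


def resolve_image_path(filename: str, root: PurePosixPath = IMAGE_ROOT) -> Optional[PurePosixPath]:
    """Map the user-supplied ?filename= value onto a file inside `root`.

    Returns the normalised path when it stays inside root, or None when the
    value would escape it (as ../../../etc/passwd does in the lab).
    Pure path operations are used so this runs without the directory existing.
    """
    if not filename or "\x00" in filename:
        return None
    # Joining an absolute filename replaces root entirely, so the containment
    # check below also rejects values such as /etc/passwd.
    candidate = PurePosixPath(posixpath.normpath(str(root / filename)))
    if candidate == root or root in candidate.parents:
        return candidate
    return None


def handle_image_request(filename: str) -> Tuple[int, str]:
    """Hardened version of the lab's /image decision: 200 with the file that
    would be read, or 400 when the filename escapes the image directory."""
    path = resolve_image_path(filename)
    if path is None:
        return 400, "rejected: filename escapes image directory"
    return 200, str(path)


def find_traversal_attempts(log_lines: List[str]) -> List[str]:
    """Return the filename values in combined-format access-log lines whose
    /image request would have escaped the image directory."""
    hits = []
    for line in log_lines:
        request = line.split('"')[1]            # e.g. GET /image?filename=... HTTP/1.1
        target = request.split()[1]
        if not target.startswith("/image?"):
            continue
        for value in parse_qs(urlsplit(target).query).get("filename", []):
            if resolve_image_path(value) is None:  # parse_qs already percent-decodes
                hits.append(value)
    return hits


# Constructed sample log: one legitimate image fetch and one traversal attempt.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /image?filename=55.jpg HTTP/1.1" 200 8421',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /image?filename=../../../etc/passwd HTTP/1.1" 200 1311',
]
```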