The developer became aware of the vulnerability and implemented a fix that removed the ../ from the input. Again the same assignment, but can you bypass the implemented fix?
Solution
Just like in the previous lab, we will upload an image and intercept the request with ZAP or Burp.
Once we intercept it we analyze the POST request and we think how to bypass it. One of the hints says "The new and improved version removes ../ from the input, can you bypass this?".
