A3:2021 | Path Transversal (3) | Cycubix Docs

Path traversal while uploading files

The developer became aware of the vulnerability and implemented a fix that removed the ../ from the input. Again the same assignment, but can you bypass the implemented fix?

Solution

Just like in the previous lab, we will upload an image and intercept the request with ZAP or Burp.
Once we intercept it we analyze the POST request and we think how to bypass it. One of the hints says "The new and improved version removes ../ from the input, can you bypass this?".
We will try to bypass it with
```
....//test
```
Now check the response on Zap.

PreviousA3:2021 | Path Transversal (2) | Cycubix Docs NextA3:2021 | Path Transversal (4) | Cycubix Docs

Last updated 10 days ago