A3:2021 | Path Traversal (4) | Cycubix Docs

Path traversal while uploading files

The developer again became aware of the vulnerability, which was caused by not validating the input of the full name field. A fix was applied in an attempt to solve it.

Again the same assignment, but can you bypass the implemented fix?

Solution with ZAP

  • Hints: Take a look at what happened to the file name. Can we still manipulate the request? You can try to use a proxy to intercept the POST request. Try updating the profile; WebGoat will display the location.

  • We then have to see how to bypass the implemented fix. In this case, adding the ../ pattern already known from the previous exercises is a way to bypass it.

Solution with BURP

  • Hint: Take a look at what happened to the file name. You can try to use a proxy to intercept the POST request.

  • Open the Interceptor on Burp and find the POST request. You will see that the file name used to write the image to the disk is taken directly from the name of the file passed to the webapp. In this case it is xss 2.png.

  • We can manipulate the request by adding ../ in front of the file name.
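
The root cause shown in the Burp step is that the upload's file name is used as the path on disk. The following is an added example, not WebGoat's or Cycubix's code: it contrasts that pattern with a hardened check. The class name UploadPathCheck, the methods unsafeTarget and safeTarget, and the uploads/user1 directory are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {

    // Pattern the lesson describes: the client-supplied name is joined to the
    // upload directory unchanged, so "../" segments move the target upward.
    static Path unsafeTarget(Path uploadDir, String clientFileName) {
        return uploadDir.resolve(clientFileName).normalize();
    }

    // Hardened form: refuse names with path separators or dot segments, then
    // confirm the normalized target is still inside the upload directory.
    static Path safeTarget(Path uploadDir, String clientFileName) {
        if (clientFileName == null || clientFileName.isEmpty()
                || clientFileName.contains("/") || clientFileName.contains("\\")
                || clientFileName.equals(".") || clientFileName.equals("..")) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(clientFileName).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("file name escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed upload directory and sample names (the second uses the page's ../ pattern).
        Path uploadDir = Paths.get("uploads", "user1").toAbsolutePath().normalize();
        String[] names = {"xss 2.png", "../xss 2.png"};
        for (String name : names) {
            Path unsafe = unsafeTarget(uploadDir, name);
            System.out.println("unsafe: " + name + " -> " + unsafe
                    + " inside=" + unsafe.startsWith(uploadDir));
            try {
                System.out.println("safe:   " + name + " -> " + safeTarget(uploadDir, name));
            } catch (IllegalArgumentException e) {
                System.out.println("safe:   " + name + " -> " + e.getMessage());
            }
        }
    }
}
```

Rejecting the name outright, rather than stripping ../ from it, avoids the kind of incomplete filtering that the earlier exercises bypass.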
