A3:2021 | Path Traversal (3) | Cycubix Docs
Path traversal while uploading files
The developer became aware of the vulnerability and implemented a fix that removed the ../ from the input. Again the same assignment, but can you bypass the implemented fix?

Solution
- Just like in the previous lab, we will upload an image and intercept the request with ZAP or Burp.
- Once we intercept it, we analyze the POST request and think about how to bypass the fix. One of the hints says “The new and improved version removes ../ from the input, can you bypass this?”.
- We will try to bypass it with ....//test
- Now check the response in ZAP.
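
Why the single-pass filter fails, next to a containment check that does not depend on filtering, as an added example that is not part of the original walkthrough or the lab's own code. The upload root /srv/uploads and all function names are assumptions made for this example.

```python
import os

UPLOAD_DIR = "/srv/uploads"  # assumed upload root, constructed for this example


def strip_once(name: str) -> str:
    """The flawed fix: one non-recursive pass that removes '../'."""
    return name.replace("../", "")


def flawed_target(name: str) -> str:
    """Path the upload is written to when strip_once() is the only guard."""
    return os.path.normpath(os.path.join(UPLOAD_DIR, strip_once(name)))


def escapes(path: str) -> bool:
    """True if an absolute path lies outside UPLOAD_DIR."""
    root = os.path.normpath(UPLOAD_DIR)
    return os.path.commonpath([root, path]) != root


def safe_target(name: str) -> str:
    """Hardened form: resolve the final path, then require it to stay under the root."""
    if not name or "\x00" in name:
        raise ValueError("invalid file name")
    root = os.path.realpath(UPLOAD_DIR)
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("file name escapes the upload directory")
    return candidate


if __name__ == "__main__":
    name = "....//test"  # the value used in the walkthrough
    # Removing the inner '../' leaves the outer characters joined into a new '../'.
    print("after filter :", strip_once(name))
    print("flawed target:", flawed_target(name), "escapes:", escapes(flawed_target(name)))
    # The hardened check treats '....' as a literal directory name inside the root
    # and rejects any name whose resolved path leaves the root.
    print("safe target  :", safe_target(name))
    for bad in ("../test", "/etc/passwd"):
        try:
            safe_target(bad)
        except ValueError as exc:
            print("rejected     :", bad, "->", exc)
```

The check works on the resolved path rather than on the characters of the input, so it does not need to anticipate each encoding or nesting of ../.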
