Server-side vulnerabilities lab solution series
Web Security Academy Lab: File path traversal
Exploiting directory structures to access unauthorized files
File path traversal, also known as directory traversal, is a type of attack technique that allows malicious actors to manipulate and navigate the file system of a server, potentially gaining unauthorized access to sensitive files and directories.
Lab solution
Once we access the lab URL we are presented with a shopping page listing different items we can view.
For this solution we can select “view details” on any product and then open Burp Suite. This time we will go to the Proxy tab (1) and then the Intercept tab (2). Now we can turn interception on (3).
One way to reach the solution is to open the product image in a new tab (4); alternatively, we can start intercepting before opening the product details. We will proceed with the first option this time.
Now that we are intercepting every request we can click the Forward button until we reach the GET request whose query parameter carries the image filename. In the Inspector tab we can change the query parameter to the value we want, or we can edit the raw request itself. In the image below I used the Inspector.
The value we want to input is ../../../etc/passwd, which is the file containing user account information on Linux. After inserting the value we can forward the remaining requests.
After completing the requests, select the HTTP history tab to see the results. Select the request we submitted; below it, the response shows us the requested file in plain text, listing all the registered users.
And that's it. This is a simple lab to get familiar with Burp Suite. After refreshing the product page we can see the lab-solved tag.
File path traversal is a critical security vulnerability that can allow attackers to access sensitive files on a server by manipulating file paths. It often occurs due to insufficient input validation and can lead to severe consequences, including data breaches and unauthorized access to system files.
To mitigate this risk, developers must implement strong input validation, sanitize user inputs, and use secure functions for file handling. Regular security assessments and updates to the application code can further protect against this and other vulnerabilities. Ensuring robust security practices in the development process is essential for safeguarding applications from file path traversal attacks.
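One way to close the hole this lab demonstrates is to canonicalise the requested filename and confirm it still lies inside the image directory before opening it. The snippet below is an added example, not code from the lab or from PortSwigger; IMAGE_ROOT and the function names are assumptions made for illustration.

```python
import os
from pathlib import Path
from typing import Optional

# Hypothetical directory the shop serves product images from (an assumption
# for this example; the lab does not disclose its real layout).
IMAGE_ROOT = Path("/var/www/images")


def resolve_image_path(filename: str, root: Path = IMAGE_ROOT) -> Optional[Path]:
    """Return the absolute path for a requested image, or None when the
    request would leave the image directory (the traversal the lab exploits)."""
    # NUL bytes can truncate the path inside the underlying C library calls.
    if not filename or "\x00" in filename:
        return None
    root = root.resolve()
    # Joining an absolute filename discards `root`, and ".." segments walk
    # upward; resolve() collapses both (and any symlinks) into a canonical path.
    candidate = (root / filename).resolve()
    # The only acceptable outcome is a path strictly inside the root.
    if candidate == root:
        return None
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def is_safe_image_request(filename: str) -> bool:
    """Convenience wrapper: True when the request stays inside IMAGE_ROOT."""
    return resolve_image_path(filename) is not None


if __name__ == "__main__":
    # Constructed sample values: the lab's payload beside benign and
    # absolute-path requests.
    samples = ["image1.jpg", "../../../etc/passwd", "/etc/passwd", "sub/../image2.jpg"]
    for value in samples:
        verdict = "allowed" if is_safe_image_request(value) else "rejected"
        print(f"{value!r:26} -> {verdict}")
```

In production an allowlist of known filenames, or an opaque identifier mapped to a path server-side, is preferable; the containment check above is the last line of defence, not the first.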