🧪 Lab Info

🔐 Vulnerability:

This lab contains a path traversal vulnerability in the display of product images.

🎯 Goal:

To solve the lab, retrieve the contents of the /etc/passwd file.

🪜 Steps to Solve

1. 🛍️ Open the lab and go to any product page.
2. 🔍 Click on "View details" of the product.
3. 🖱️ Right-click on the product image and choose "Open image in new tab".
4. 🔗 Observe the image URL, which will look like

🕵🏻 Let's Exploit It

💡 We're going to perform a directory traversal by modifying the filename parameter

<https://0a3c008f046c45dc804367ba00460059.web-security-academy.net/image?filename=../../../etc/passwd>

Like this and it will give us

and return to the lab it will be solved

Congrats u solved the lab 🎉