webProeasy

Path Traversal

hackerdna

Task: Vulnerable Apache 2.4.49 file server with CGI script accepting file parameter. Solution: Path traversal via unsanitized file parameter to read /flag.txt using ../ sequences.

$ ls tags/ techniques/

lfi path_traversal file_read apache directory_traversal cve-2021-41773 cgi

Path traversal via unsanitized file parameterDirectory traversal with ../ sequencesCGI script parameter injectionApache 2.4.49 CVE-2021-41773 identification

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pentest][free]WingData (Wing FTP RCE → Python tarfile PATH_MAX bypass)— hackthebox
[web][Pro]Lab 209 — BuildForge — Path Traversal in Static File Serving— hackadvisor
[infra][Pro]Скрипт-кидди (Script-kiddie)— hackerlab
[web][Pro]FAVn— web-kids20
[forensics][Pro]Log Hunter— hackerdna