Solving PortSwigger Academy: File path traversal, traversal sequences blocked with absolute path bypass
In this lab the challenge is to read the contents of the /etc/passwd file, but the attacker can't use the traversal sequence ../../ because it is blocked.
An absolute path starts at the root (/) directory and spells out the full path to the file, whereas with a relative path you traverse from the current location using the ../ notation, since you know where the file sits relative to it. You can read more about the paths here.
Again in Burp Suite, click on the filter settings and select images; this lets you see the URL that requests the images.

Now select any request and send it to Repeater for further testing.

In the earlier challenge we used ../../etc/passwd to read the contents, so let's try it again in this challenge. It says bad request; it looks like the payload is blocked.

Now let's try the absolute path, i.e. without the ../ notation.

We are able to solve the challenge using the absolute path.
You can also fuzz this. I am using the Pro version, so there is a list of built-in payloads. Send the request to Intruder and select the payload list Fuzzing - path traversal. Once you select it, you will see that the payloads contain {base} or {file}. To put your file in there, you can use match and replace from the Payload processing section. In the Match regex section, use (\{base}) or (\{file}) and replace it with etc/passwd.
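Why the absolute path gets through while ../ is rejected, shown as an added example that is not part of the original write-up or the lab's own code. It assumes a backend that rejects traversal sequences and then joins a base directory with the supplied filename; the function names, base directory and sample file names are constructed for illustration.

```python
import os
import tempfile


def naive_resolve(base_dir, filename):
    """Weak check: rejects traversal sequences only, then joins the path."""
    if ".." in filename:
        raise ValueError("traversal sequence blocked")
    # os.path.join() drops base_dir entirely when filename is absolute.
    return os.path.join(base_dir, filename)


def safe_resolve(base_dir, filename):
    """Canonicalize first, then require the result to stay under base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def check(resolver, base_dir, filename):
    """Return the resolved path, or 'BLOCKED' when the resolver refuses."""
    try:
        return resolver(base_dir, filename)
    except ValueError:
        return "BLOCKED"


def demo():
    base = tempfile.mkdtemp()  # constructed stand-in for the image directory
    samples = ["218.png", "../../etc/passwd", "/etc/passwd"]  # constructed
    return base, {
        name: (check(naive_resolve, base, name), check(safe_resolve, base, name))
        for name in samples
    }


if __name__ == "__main__":
    base, results = demo()
    print("base directory:", base)
    for name, (naive, safe) in results.items():
        print(f"{name!r:22} naive={naive!r} safe={safe!r}")
```

The containment check on the canonical path covers both inputs with one rule, so it does not depend on listing every traversal spelling.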
