⛳️ picoCTF2022: Forbidden Paths


Forbidden Paths

AUTHOR: LT ‘SYREAL’ JONES

Description

Can you get the flag? Here’s the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Points: 200

This is a classic file inclusion problem. If you want to learn more about what file inclusion is 🤔, check out my local file inclusion writeup. I explain it in detail and link to informative resources so you can dive deeper.

Back to the problem. First things first, let’s go to the website.


There is nothing there really, except an input box that we can do something with. The description says “the website is filtering absolute file paths”. Shall we check whether that is true?

Yep, it returns Not Authorized.


So what else can we do to access files? A relative path it is.

What is a relative path?

How can we get the relative path of /flag.txt?

Instead of entering /flag.txt, we can enter ../../../../flag.txt.

And there we go 🚩

✍️ Note:

When it comes to a relative path, you can use as many ../ as there are directory levels, or more. In this case, you can enter ../../../../../../../flag.txt; the extra ../ segments still bring you to /.
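To see why the relative path gets through and why extra ../ segments are harmless, here is an added example (not the challenge's server code) that models the filter as "reject anything starting with /" and compares it with a check that canonicalizes the path first. The function names and the filter model are assumptions; only the web root and the payloads come from the challenge.

```python
import posixpath

WEB_ROOT = "/usr/share/nginx/html"  # document root given in the challenge description


def resolve(user_path: str) -> str:
    """Path the server would end up opening: join onto the web root, collapse '..'.

    This is lexical normalization only; production code should also resolve
    symlinks (e.g. os.path.realpath) before checking containment.
    """
    return posixpath.normpath(posixpath.join(WEB_ROOT, user_path))


def naive_filter_allows(user_path: str) -> bool:
    """Assumed model of the challenge's filter: only absolute paths are rejected."""
    return not user_path.startswith("/")


def contained_filter_allows(user_path: str) -> bool:
    """Hardened check: canonicalize first, then require the result to stay under WEB_ROOT."""
    resolved = resolve(user_path)
    return resolved == WEB_ROOT or resolved.startswith(WEB_ROOT + "/")


# Constructed sample inputs: a normal page plus the inputs tried in the writeup.
SAMPLES = [
    "index.html",
    "/flag.txt",
    "../../../../flag.txt",
    "../../../../../../../flag.txt",
]


def report(paths):
    """Return (input, resolved path, naive verdict, hardened verdict) per input."""
    return [(p, resolve(p), naive_filter_allows(p), contained_filter_allows(p))
            for p in paths]


if __name__ == "__main__":
    for given, resolved, naive, hardened in report(SAMPLES):
        print(f"{given!r:36} -> {resolved:34} naive={naive!s:5} hardened={hardened}")
```

The filter that inspects the raw string lets both ../ inputs through because it never looks at where they resolve; the containment check rejects them because the resolved path is /flag.txt, outside the web root.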