PicoCTF 2022 Writeups

This website contains Jackwin Hui's writeups for the 2022 PicoCTF competition.

PicoCTF2022 - Forbidden Paths

Description

Can you get the flag? Here's the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Information

Point Value: 200 points

Category: Web Exploitation

Hints

(None)

Solution

We can use relative file paths to get to the file. In file paths, ./ refers to the current directory, while ../ refers to the parent directory directly above the current one. We are currently in /usr/share/nginx/html/ and the file we want to read is /flag.txt, so we use the relative path ../../../../flag.txt to go up four directories to the root directory that contains flag.txt. Enter the relative path ../../../../flag.txt in the input box and click the Read button. Copy and paste the flag displayed on the page.
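The traversal works because a filter that only rejects leading slashes never normalises the path before reading it. As an added example (not part of the original writeup, and not the challenge's server code), the weak check is modelled next to a hardened one that resolves the joined path and requires it to stay under the web root; the function names and the use of posixpath are my own assumptions.

```python
import posixpath

# Web root from the challenge description; posixpath keeps the
# resolution Unix-style regardless of the host running this example.
WEB_ROOT = "/usr/share/nginx/html"


def weak_filter(user_path: str) -> str:
    """Model of the flawed check: reject absolute paths, accept everything else.

    Returns the path the server would end up opening, or raises ValueError.
    Joining a relative path onto WEB_ROOT does nothing about '..' segments,
    so the normalised result can leave the web root entirely.
    """
    if user_path.startswith("/"):
        raise ValueError("absolute paths are not allowed")
    return posixpath.normpath(posixpath.join(WEB_ROOT, user_path))


def safe_resolve(user_path: str) -> str:
    """Hardened check: normalise first, then verify containment in WEB_ROOT.

    posixpath.join discards WEB_ROOT when user_path is absolute, and
    normpath collapses '..' segments, so one prefix test covers both the
    absolute and the relative-traversal cases.
    """
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, user_path))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        raise ValueError("path escapes the web root")
    return candidate


def is_blocked(check, user_path: str) -> bool:
    """True if `check` rejects `user_path`; used to compare the two filters."""
    try:
        check(user_path)
    except ValueError:
        return True
    return False
```

A path such as ../../../../usr/share/nginx/html/index.html is still accepted by safe_resolve, which is correct: after normalisation it names a file inside the web root.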

Flag

picoCTF{7h3_p47h_70_5ucc355_6db46514}