Tags: web path-traversal websec 

This one's a short one. First up, judging by the description, this web server is probably running [tiny-web-server](https://github.com/shenfeng/tiny-web-server). And if you look at its issue tracker, one of the big issues reported there is [path traversal](https://github.com/shenfeng/tiny-web-server/issues/2).

So, as a quick test, let's load up the webserver and append a `/` to the root path to see if we can maybe access the root of the drive, like so: [http://ctf.cscml.zenysec.com:20001//](http://ctf.cscml.zenysec.com:20001//).

And wow, the entire file tree for the root of the drive comes up. Now it's as simple as navigating to the `home/ctf` directory and opening the `flag.txt` file: [http://ctf.cscml.zenysec.com:20001//home/ctf/flag.txt](http://ctf.cscml.zenysec.com:20001//home/ctf/flag.txt).
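
For anyone fixing this class of bug, here is an added example (not code from tiny-web-server or from the challenge) that contrasts a request-path mapping which strips only one leading slash with a hardened one that always yields a path relative to the document root. `naive_map` is an assumption modelled on the behaviour observed above, and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Naive mapping (assumed logic, matching what the writeup observes): drop
   exactly one leading '/' and pass the rest to open(). The request path
   "//home/ctf/flag.txt" then becomes the absolute path "/home/ctf/flag.txt". */
const char *naive_map(const char *uri) {
    return uri[0] == '/' ? uri + 1 : uri;
}

/* Hardened mapping: call it on the percent-decoded path. Writes a path
   relative to the document root into out. Returns 0 on success, -1 if the
   request must be rejected (parent reference or path too long). */
int safe_map(const char *uri, char *out, size_t outlen) {
    size_t n = 0;
    const char *p = uri;
    if (outlen < 2) return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == '/') p++;               /* collapse every run of slashes */
        size_t seg = strcspn(p, "/");        /* length of the next segment */
        if (seg == 0) break;                 /* trailing slashes only */
        if (seg == 2 && p[0] == '.' && p[1] == '.')
            return -1;                       /* never allow ".." segments */
        if (!(seg == 1 && p[0] == '.')) {    /* "." segments are dropped */
            if (n + seg + 2 > outlen) return -1;
            if (n) out[n++] = '/';
            memcpy(out + n, p, seg);
            n += seg;
            out[n] = '\0';
        }
        p += seg;
    }
    if (n == 0) strcpy(out, ".");            /* bare "/" means the docroot */
    return 0;
}

int main(void) {
    char buf[256];
    const char *uri = "//home/ctf/flag.txt"; /* request path from the writeup */
    printf("naive: %s\n", naive_map(uri));
    if (safe_map(uri, buf, sizeof buf) == 0)
        printf("safe:  %s\n", buf);
    return 0;
}
```

This check is purely lexical, so it does not stop a symlink inside the document root from pointing elsewhere; resolving the final path with `realpath()` and comparing it against the root covers that case.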