CTFtime.org / picoCTF 2022 / Forbidden Paths / Writeup

# Forbidden Paths - picoCTF 2022 - CMU Cybersecurity Competition
Web Exploitation, 200 Points

## Description

![‏‏info.JPG](images/info.JPG)

## Forbidden Paths Solution

By browsing the [website](http://saturn.picoctf.net:53295/) from the challenge description we can see the following web page:

![webpage.JPG](images/webpage.JPG)

According to the challenge description, we know we are on ```/usr/share/nginx/html/``` and the flag located on ```/flag.txt```,

Meaning that we need to read the path ```../../../../flag.txt```.

By reading this path we get the flag ``` picoCTF{7h3_p47h_70_5ucc355_26b22ab3}```.

Original writeup (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-picoCTF2022/Web_Exploitation/200-Forbidden_Paths).

Forbidden Paths