## Description

Can you get the flag?

Here's the [website](http://saturn.picoctf.net:53295/).

We know that the website files live in `/usr/share/nginx/html/` and the flag is at `/flag.txt` but the website is filtering absolute file paths. Can you get past the filter to read the flag?

## Solution

This website has the useful feature of reading any file we want it to, given its path. In file paths, a leading `./` means the current directory, and `../` means the enclosing directory. Since we know that we are in `/usr/share/nginx/html/` and want to access `/flag.txt`, we can use the relative path `../../../../flag.txt` to read the flag: it climbs four levels to the filesystem root without being an absolute path, so the filter does not reject it.
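Why the filter fails and what a containment check looks like, as an added example that is not part of the original writeup or the challenge's own code: the function names, the leading-slash check standing in for the site's filter, and the `index.html` sample are assumptions made for illustration.

```python
import os

# Document root named in the challenge description.
WEB_ROOT = "/usr/share/nginx/html"


def naive_filter_allows(user_path: str) -> bool:
    """Assumed form of the weak check: reject only absolute paths."""
    return not user_path.startswith("/")


def resolve_naive(user_path: str) -> str:
    """Path the server ends up reading if it trusts the naive filter."""
    return os.path.normpath(os.path.join(WEB_ROOT, user_path))


def resolve_safe(user_path: str) -> str:
    """Canonicalize first, then require the result to stay under WEB_ROOT."""
    root = os.path.realpath(WEB_ROOT)
    # join() discards root when user_path is absolute; realpath() collapses
    # "../" segments and follows symlinks, so the check sees the final target.
    candidate = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {user_path!r}")
    return candidate


def compare(requests):
    """Return (request, naive_verdict, safe_verdict) for each requested path."""
    rows = []
    for req in requests:
        naive = resolve_naive(req) if naive_filter_allows(req) else "blocked"
        try:
            safe = resolve_safe(req)
        except PermissionError:
            safe = "blocked"
        rows.append((req, naive, safe))
    return rows


# Constructed sample requests: a normal page, the absolute path the filter
# rejects, and the relative path from the writeup.
SAMPLE_REQUESTS = ["index.html", "/flag.txt", "../../../../flag.txt"]

if __name__ == "__main__":
    for req, naive, safe in compare(SAMPLE_REQUESTS):
        print(f"{req!r:28} naive -> {naive:35} safe -> {safe}")
```

The safe version decides on the canonical path rather than on the raw string, so both `/flag.txt` and `../../../../flag.txt` are rejected while files under the web root still resolve.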

## Flag

*picoCTF{7h3_p47h_70_5ucc355_26b22ab3}*

Original writeup (https://github.com/FlyN-Nick/picoGymWriteups/blob/main/Web%20Exploitation/Forbidden%20Paths/Forbidden%20Paths.md).