picoCTF 2022: Forbidden Paths

Author: LT 'syreal' Jones

Category: Web Exploitation | Score: 200 | Solved

Description

Can you get the flag?
Here's the website.

We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Hints

None

Summary

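The filter rejects absolute file paths, so enter a relative one instead. The website files live in /usr/share/nginx/html/, four directories below the filesystem root, so four ../ segments climb back up to / where flag.txt sits. Enter

../../../../flag.txt

into the input field and read the flag.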
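Why the filter fails and what a working check looks like, as an added example (not the challenge's own code). `naive_read`, `safe_read` and the temporary directory tree are assumptions made for illustration; the temporary base directory stands in for `/`.

```python
import os
import tempfile

def naive_read(web_root, user_path):
    """Mirror of the filter the challenge describes: only absolute paths are refused."""
    if user_path.startswith("/"):
        raise PermissionError("absolute paths are not allowed")
    with open(os.path.join(web_root, user_path)) as fh:
        return fh.read()

def safe_read(web_root, user_path):
    """Resolve the final path first, then require it to stay under the web root."""
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path escapes the web root")
    with open(target) as fh:
        return fh.read()

def build_demo_tree():
    """Constructed layout: <tmp>/flag.txt plus <tmp>/usr/share/nginx/html/index.html."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "usr", "share", "nginx", "html")
    os.makedirs(web_root)
    with open(os.path.join(base, "flag.txt"), "w") as fh:
        fh.write("constructed-placeholder-flag")
    with open(os.path.join(web_root, "index.html"), "w") as fh:
        fh.write("<h1>hello</h1>")
    return web_root

def demo():
    """Run both readers over a benign path, the relative path and the absolute path."""
    web_root = build_demo_tree()
    results = {}
    for name, reader in (("naive", naive_read), ("safe", safe_read)):
        for path in ("index.html", "../../../../flag.txt", "/flag.txt"):
            try:
                results[(name, path)] = reader(web_root, path)
            except PermissionError as exc:
                results[(name, path)] = "blocked: " + str(exc)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The hardened version checks the resolved path rather than the input string, so it also covers symlinks and mixed forms such as `a/../../x` that a prefix or substring filter misses.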

Flag

 picoCTF{7h3_p47h_70_5ucc355_32e3a320}