By | January 5, 2021

In this article we explain what File Path Traversal Vulnerability is and how this bug is found in a website.

We have already covered File Path Traversal Vulnerability. If you have read our article about Directory Path Traversal Vulnerability, you will already know about it.

Here we show you live how File Path Traversal Vulnerability is found in a website. This is being told to you for educational purposes; you should never misuse it.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

What is File Path Traversal Vulnerability?

We have covered this earlier, but here we want to tell you something more about File Path Traversal Vulnerability by solving PortSwigger labs.

We want to make one thing clear first: File Path Traversal Vulnerability also has payloads, just as you were told about payloads for cross-site scripting attacks.

To put File Path Traversal Vulnerability in simple language: if you are able to collect information from a website by traversing its file paths, then that website has a File Path Traversal Vulnerability.

Example of File Path Traversal Vulnerability

Here we explain it by solving three File Path Traversal Vulnerability labs. There are more labs that you can try to solve yourself. https://portswigger.net/web-security/file-path-traversal/lab-simple

First you have to access the lab as you normally would. In all the labs you have to access the /etc/passwd file through File Path Traversal Vulnerability, and we have to do the same on a live website.

After accessing the lab, the home page opens as you can see in the image. You get a lot of products here, and you can open any of them.

After opening the product, turn on intercept in Burp Suite and capture the request, as you can see in the image. Here you capture the request for the product ID, but when you forward that request, you also get something like this.

Here you have to make changes to the filename parameter, as you can see in the image. After that, forward the request, and you get the content of the file path in the response.

After doing all this, your lab gets solved. As you can see in the image, you get a congratulations message, as on solving any lab here.

We are not showing the response here, but in this article you will be told how you can check the response and see the content of the /etc/passwd file.

https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass

In the same way you get other labs here. In all of them you have to show the content of the /etc/passwd file; only the methods are different. You have to use different methods while hunting bugs on a live website.

Here too, you do the same: after accessing the lab, open any product, turn intercept on and capture the request. As you can see in the image, the filename parameter will be shown.

Forward the request after making changes to the filename parameter. After doing this, your lab also gets solved, as you can see from the congratulations message.

Here you get the URL with the filename parameter in the Burp Suite history. It shows you the content of the /etc/passwd file in the response, as you can see in the image. You can check the response by sending this request to Repeater.

https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path

In the same way, you have to access the third lab as well. You should solve all the labs in one go, so that you understand how you can find File Path Traversal Vulnerability.

Here also, open any product after accessing the lab, as you can see in the image. You get the filename parameter on forwarding the request.

Here you have to make some changes to the filename parameter and then forward the request, as you were told in all the previous labs.

After doing all this, your lab gets solved, as you can see in the image. You get a congratulations message here too. You should solve the remaining labs yourself.
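Seen from the server side, the three lab cases named in the URLs above (simple, absolute path bypass, validate start of path) are all stopped by the same check: canonicalise the requested filename first, then confirm the result is still inside the image directory. The following is an added example, not code from the original article or from the labs; the directory layout, function names and sample filename values are constructed for illustration.

```python
import os
import tempfile

class UnsafePath(Exception):
    """The requested filename resolves outside the image directory."""

def weak_prefix_check(base_dir, filename):
    # Weak: inspects only how the raw string starts, before any normalisation.
    return filename.startswith(base_dir)

def resolve_image(base_dir, filename):
    """Return the canonical path of filename under base_dir, or raise UnsafePath."""
    if "\x00" in filename:
        raise UnsafePath("NUL byte in filename")
    base = os.path.realpath(base_dir)
    # os.path.join() discards base when filename is absolute, and realpath()
    # collapses ".." and symlinks, so containment is checked on the result.
    candidate = os.path.realpath(os.path.join(base, filename))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{filename!r} is not a file inside {base}")
    return candidate

def demo():
    """Run constructed filename values against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        images = os.path.join(root, "images")  # hypothetical image directory
        os.mkdir(images)
        secret = os.path.join(root, "secret.txt")  # stands in for a sensitive file
        for path in (os.path.join(images, "21.jpg"), secret):
            open(path, "w").close()
        requests = {
            "plain": "21.jpg",
            "relative": "../secret.txt",
            "absolute": secret,
            "prefixed": images + "/../secret.txt",
        }
        results = {}
        for name, value in requests.items():
            try:
                resolve_image(images, value)
                results[name] = "served"
            except UnsafePath:
                results[name] = "rejected"
        results["weak_check_accepts_prefixed"] = weak_prefix_check(images, requests["prefixed"])
        return results

if __name__ == "__main__":
    print(demo())
```

Only the plain product image is served; the string-prefix check alone would have accepted the "prefixed" value because it never normalises the path.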

Here you are also given a list of payloads for File Path Traversal Vulnerability. All of them can easily be found on GitHub, and you can also find them through Google.

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/README.md

The Conclusion

I hope you now understand File Path Traversal Vulnerability. We have explained it here by solving three labs; you can try to solve the remaining labs yourself.

Before getting practical with File Path Traversal Vulnerability, you need to understand it in detail, so you should read our earlier Directory Path Traversal Vulnerability article once.

If you have any problem solving these labs, you can ask us in a comment and we will help you. If you have any other question, you can also ask.

If you like this article, please share it. We have published many articles on bug bounty here; if you have not read them, you can read them too.
