picoCTF 2022 | Forbidden Paths Write-up

Challenge description

Can you get the flag? Here’s the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Category: Web Exploitation

Solution

First, I tried to input /flag.txt, but that sadly doesn’t work. After a few minutes of contemplation, I suddenly recalled how web browsers can be used as file browsers by simply replacing https:// with file://, followed by a destination (file:///, for example, will show you the contents of your root directory).

So I tried to input file:///flag.txt instead and voila!
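The security-relevant point is that the filter only blocks "absolute paths" in the most literal sense: a string that begins with `/`. `file:///flag.txt` begins with `f`, so the check never fires, and the server's file-reading routine evidently understands the `file://` URL scheme, which sends it straight to `/flag.txt` regardless of the web root. The Python model below is an added illustration, not the challenge's own server code: the `naive_*` functions are an assumed reconstruction of that check and of a URL-aware file read (the web root path comes from the challenge description), and `safe_resolve` shows the fix a practitioner would want, which is to canonicalise the joined path and enforce the web-root prefix on the result rather than pattern-matching the input. The model also shows that the same leading-slash check would let a relative `../` traversal through, because it inspects the input string rather than the resolved path.

```python
import posixpath
from typing import Optional
from urllib.parse import urljoin, urlparse

# Web root from the challenge description; the server-side behaviour modelled
# below is an assumed reconstruction for illustration, not the challenge's code.
WEB_ROOT = "/usr/share/nginx/html"


def naive_filter_allows(user_path: str) -> bool:
    """A filter that blocks 'absolute paths' only in the literal sense:
    anything starting with a slash is rejected, everything else passes."""
    return not user_path.startswith("/")


def naive_resolve(user_path: str) -> Optional[str]:
    """Model of the vulnerable server: the filtered string is handed to a
    file-reading routine that understands URL schemes, i.e. it is joined onto
    a file:// base URL. Returns the filesystem path that would be opened, or
    None when the filter rejects the input."""
    if not naive_filter_allows(user_path):
        return None
    base = "file://" + WEB_ROOT + "/"
    # An absolute file:// URL replaces the base entirely, and '..' segments are
    # resolved against it. In both cases the leading-slash check never fires.
    return urlparse(urljoin(base, user_path)).path


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened version: never treat the input as a URL, refuse NUL bytes,
    canonicalise the joined filesystem path, then enforce that the result is
    inside WEB_ROOT. (On a real server use os.path.realpath so that symlinks
    are followed before the prefix check.)"""
    if "://" in user_path or "\x00" in user_path:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, user_path))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    probes = ["index.html", "/flag.txt", "file:///flag.txt", "../../../../flag.txt"]
    for probe in probes:
        print(f"{probe!r:24} naive -> {naive_resolve(probe)!s:34} safe -> {safe_resolve(probe)}")
```

Running the block prints, for each probe, the path the naive server would open beside the hardened decision: `/flag.txt` is the only input the naive filter stops, while both `file:///flag.txt` and the relative traversal resolve to `/flag.txt`; `safe_resolve` accepts only targets that canonicalise to somewhere under the web root.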
