author Thomas Vanbesien <tvanbesi@proton.me> 2026-03-27 11:25:49 +0100
committer Thomas Vanbesien <tvanbesi@proton.me> 2026-03-27 11:25:49 +0100
commit 86693ac50c3757ea52c8cc5b4c6b5ecc606db066
tree 1b83a313f7ffc45fcd79f7859833bc0a711e0ee7 /Directory traversal
parent 3e0d34c9c02d467ac53842edd5949416c52a0bc4
Add directory traversal (dot-dot-slash) solution
Diffstat (limited to 'Directory traversal')
-rw-r--r-- Directory traversal/Resources/notes.md | 8
-rw-r--r-- Directory traversal/flag | 1
2 files changed, 9 insertions, 0 deletions
diff --git a/Directory traversal/Resources/notes.md b/Directory traversal/Resources/notes.md
new file mode 100644
index 0000000..d4068b8
--- /dev/null
+++ b/Directory traversal/Resources/notes.md
@@ -0,0 +1,8 @@
+## Exploit
+
+1. Pages being fetched with a query parameter `page` (`http://10.0.2.15/?page=somePage`) expose the server to dot-dot-slash attack.
+1. We get the flag by requesting `http://10.0.2.15/?page=../../../../../../../etc/passwd`
+
+## Fix
+
+The problem is letting users directly input files to be included/read. Such input must be sanitized, with for example a strict list of allowed values, or rejecting input containing `../`.
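Review bot: In the Fix section, the last sentence lists "rejecting input containing `../`" as an option on equal footing with a strict list of allowed values, but a substring filter alone is not a dependable control: it matches one spelling of the traversal sequence and says nothing about where the path ends up once the server resolves it. Suggest naming the allowlist of `page` values as the primary fix and, where a file path must still be built from the parameter, adding that the path should be resolved to its canonical form and checked to lie under the intended directory before it is read.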
diff --git a/Directory traversal/flag b/Directory traversal/flag
new file mode 100644
index 0000000..6048b78
--- /dev/null
+++ b/Directory traversal/flag
@@ -0,0 +1 @@
+b12c4b2cb8094750ae121a676269aa9e2872d07c06e429d25a63196ec1c8c1d0
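Review bot: The `flag` file is added as a bare hex value with nothing tying it to the write-up; notes.md in this same commit says the flag is obtained from the `/etc/passwd` request but does not say where in the response it appears. Suggest adding one line to the Exploit steps in notes.md stating what the server returned and that the value stored in `flag` was taken from it, so the solution can be re-checked later.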