Forbidden Paths
Description
Can you get the flag? Here's the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?
Solutions
On the website we found a list of three text files and a form asking for the name of the file we wanted to read. The description revealed that the flag is stored in /flag.txt, but the website rejects absolute file paths.
Because the site reads files relative to its web root (/usr/share/nginx/html/), a relative path can still climb out of that directory. Going up one level per `..` until we reach the root directory and then naming flag.txt gives the path ../../../../flag.txt, which passes the absolute-path filter and returns the flag.
flag: picoCTF{7h3_p47h_70_5ucc355_6db46514}
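The weak check the challenge hints at (reject only paths starting with "/") beside a hardened version that resolves the requested name against the web root and refuses anything that lands outside it. This is an added example written for this writeup, not the challenge's server code; the web root is taken from the description and the text file names are constructed.

```python
import os
from typing import Optional

# Web root from the challenge description.
WEB_ROOT = "/usr/share/nginx/html"


def weak_filter(requested: str) -> bool:
    """The filter the challenge describes: only absolute paths are rejected.
    A relative traversal such as ../../../../flag.txt is accepted."""
    return not requested.startswith("/")


def safe_resolve(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Hardened check: join the request to the web root, normalize it, and
    require the result to stay inside the root. Returns the resolved path,
    or None when the request must be refused."""
    if "\x00" in requested:                      # reject embedded NUL bytes
        return None
    root_path = os.path.abspath(root)
    # os.path.join discards root_path if `requested` is absolute, so an
    # absolute request is caught by the containment check below.
    candidate = os.path.abspath(os.path.join(root_path, requested))
    if os.path.commonpath([root_path, candidate]) != root_path:
        return None                              # escaped the web root
    return candidate


if __name__ == "__main__":
    # Constructed sample requests (file names are made up for the demo).
    for name in ["file1.txt", "sub/../file2.txt",
                 "/flag.txt", "../../../../flag.txt"]:
        print(f"{name!r:28} weak filter allows: {weak_filter(name)!s:5} "
              f"hardened resolves to: {safe_resolve(name)}")
```

The traversal string from the writeup is accepted by the weak filter but rejected by the hardened check, while ordinary file names inside the root still resolve normally.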