Path Traversal

Identifying the Local File Inclusion (LFI) Vulnerability While working on the skills assessment for the File Inclusion module, I first checked whether the target website was vulnerable to Local File Inclusion (LFI). The website had a query parameter called page in the URL, as shown below: http://<IP>/index.php?page=<page name> When I attempted to traverse directories using relative paths, like ../../../../etc/passwd, I encountered an error message: “Invalid input detected!”. Directory Enumeration with ffuf To explore available pages on the site, I used the ffuf tool to fuzz the directories: ...

Page Source Inspection The actual functionality of uploading and downloading files weren’t working so I looked at the page source. I saw this portion of the source: const searchFile = async () => { let formData = new FormData(searchForm); console.log([...formData][0]); let response = await fetch('/search/' + [...formData][0][1], { method: 'GET', }); searchWrapper.hidden = false; if (response.status === 200) { searchMessage.innerHTML = 'File found. Download link: <a href="/download/' + [...formData][0][1] + '">Download</a>'; } else { searchMessage.innerHTML = 'File not found.'; } } If we look closer, once a file is found from the search bar (or the search functionality), there will be a linked provided by the site that accesses the path of that file: ...