In this video, we cover Lab #1 in the Directory Traversal Vulnerabilities module of the Web Security Academy. This lab contains a file path traversal vulnerability in the display of product images. The application validates that the supplied filename ends with the expected file extension. To solve the lab, we retrieve the contents of the /etc/passwd file.

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/directory-traversal/lab-01/notes.txt

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/directory-traversal/lab-01/directory-traversal-lab-01.py

Web Security Academy Exercise Link: https://portswigger.net/web-security/file-path-traversal/lab-simple

Rana's Twitter account: https://twitter.com/rana__khalil