/usr/share/nginx/html/
and the flag is at /flag.txt
but the website is filtering absolute file paths. Can you get past the filter to read the flag?/
and then access flag.txt
: ../../../../flag.txt
. We know to go up 4 directories because /usr/share/nginx/html/
is 4 subdirectories from /
. Clicking "Read" displays the flag.picoCTF{7h3_p47h_70_5ucc355_6db46514}