# Forbidden Paths

## Challenge

Can you get the flag? Here's the [website](http://saturn.picoctf.net:53864/). We know that the website files live in `/usr/share/nginx/html/` and the flag is at `/flag.txt` but the website is filtering absolute file paths. Can you get past the filter to read the flag?

## Solution

Use a relative path to get up to `/` and then access `flag.txt`: `../../../../flag.txt`. We know to go up 4 directories because `/usr/share/nginx/html/` is 4 subdirectories from `/`. Clicking "Read" displays the flag.

### Flag

`picoCTF{7h3_p47h_70_5ucc355_6db46514}`