Forbidden Paths
Can you get the flag? Here's the website. We know that the website files live in
/usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?Use a relative path to get up to
/ and then access flag.txt: ../../../../flag.txt. We know to go up 4 directories because /usr/share/nginx/html/ is 4 subdirectories from /. Clicking "Read" displays the flag.picoCTF{7h3_p47h_70_5ucc355_6db46514}Last modified 1yr ago