Forbidden Paths

Challenge

Can you get the flag? Here's the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Solution

Use a relative path to get up to / and then access flag.txt: ../../../../flag.txt. We know to go up 4 directories because /usr/share/nginx/html/ is 4 subdirectories from /. Clicking "Read" displays the flag.

Flag

picoCTF{7h3_p47h_70_5ucc355_6db46514}