Common Obstacles & Bypass
If the application strips or blocks directory traversal from user-supplied filename:
-
Use an absolute path to bypass - filename=/etc/passwd
-
Use nested traversal to bypass (
....// or ....\/) -
Utilize URL Encoding to bypass
-
Burp Suite Professional has a predefind payload list - Fuzzing - path traversal § Contains encoded path traversal sequences
-
Start with the base file and traverse from there filename=/var/www/images/../../../etc/passwd
-
Bypass the requirement to end with a file extension by using a null byte filename=../../../etc/passwd%00.png