CafeClub

CafeClub was back open for business, this time with the hint File Inclusion.

Because the hint said File Inclusion, the first thing I do is turn off all the extra filters in BurpSuite (CSS, Images, ...). First thing I noticed was a GET request for an image.

This was the request I had to send to Repeater, because that looks like a path to a file. Once I did that, I just went up the chain with path traversal.

I had to try a couple of directories, but eventually I got a quick win and saw the flag 🇧🇪

PreviousFile Inclusion NextOttergram

Last updated 29 days ago