Leak some secret configuration variables
Difficulty: Medium
UnicornBox stores some configuration variables in a config.yml file, in a folder separate from the users' files. The layout of the server storage is as follows:

site/
    file/
        foo1.txt
        foo2.txt
        ...
    config/
        config.yml
Your task: Gain access to the secrets stored within config.yml.
Tips
- Most browsers modify URLs before they are actually sent to the server. If you are having trouble determining what URLs are sent to the server, consider using the Network tab of your browser's debugger.
- If you need to encode certain characters (this is not required, but might be helpful for some people), look up the standard URL percent-encodings.
- What happens if you try to access a file that your user account doesn't have access to? Consider what has to be true before a file is "served" from the file system in this website.
- The Path Traversal lecture slides may be helpful.
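As an added illustration of the check the third tip is hinting at (this is example code written for this page, not part of UnicornBox or the course materials), here is one way a server can confine a user-supplied filename to the file/ directory before serving it. The base directory /srv/site/file and the request strings are assumed values; the point is that the containment decision is made on the fully decoded and resolved path, not on the raw string the browser sent.

```python
import os
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested filename would escape the storage directory."""


def resolve_user_file(base_dir: str, requested_name: str) -> str:
    """Map a user-supplied filename to an absolute path strictly inside base_dir.

    The check runs on the resolved path after URL-decoding, so encoded
    separators (e.g. %2e%2e%2f) and symlinks cannot be used to leave base_dir.
    """
    # Decode any percent-encoding that survived the web framework.
    name = unquote(requested_name)
    # NUL bytes truncate paths in many C-level file APIs; reject them outright.
    if "\x00" in name:
        raise PathTraversalError("NUL byte in filename")

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))

    # Containment: the longest common prefix must be base itself, and the
    # candidate must not *be* base (serving the directory makes no sense).
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"refusing to serve {requested_name!r}")
    return candidate


def is_confined(base_dir: str, requested_name: str) -> bool:
    """True if the request resolves inside base_dir, False if it would escape."""
    try:
        resolve_user_file(base_dir, requested_name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests against the assumed layout from this page.
    BASE = "/srv/site/file"
    for req in ["foo1.txt", "sub/../foo2.txt", "../config/config.yml",
                "..%2Fconfig%2Fconfig.yml", ""]:
        print(f"{req!r:30} -> {'serve' if is_confined(BASE, req) else 'reject'}")
```

A server that instead checks only whether the file exists, or only whether the raw string contains "../", will pass requests that decode or resolve to the config/ directory; resolving first and comparing the result to the base directory closes that gap.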