Course

In this lab, we explore a directory traversal vulnerability in a PHP application. The exercise involves reviewing the source code of `index.php` and `file.php`. The code attempts to restrict file access by checking if the file path includes `/var/www`. However, this check is insufficient and can be bypassed by adding traversal sequences like `../../` to the path, allowing an attacker to access sensitive files such as `/etc/passwd`.

The video transcript walks through the PHP code line by line. It highlights how the application performs checks using `strstr` to ensure the file path contains `/var/www`. Unfortunately, the check does not canonicalize the path, making it vulnerable to directory traversal attacks. The lab emphasizes the importance of proper path validation and demonstrates how an attacker can exploit this weakness to access unauthorized files.