This challenge covers how to send specific HTTP requests

< 1 Hr.
HTTP Badge


In this challenge, you are required to send an HTTP multipart request to `/pentesterlab` with a file parameter named `filename`. The filename must include a directory traversal (`../`), which allows you to upload a file outside the intended storage directory of the application. This technique is especially useful for testing applications with multiple layers of reverse proxies, as it can reveal potential vulnerabilities in how files are handled and stored.

To tackle this challenge, it is recommended to start with the `curl` command-line tool to construct the request. You can then write a script in your favorite programming language to automate the process, enabling you to create a reusable collection of scripts for future use. The steps involve creating a dummy file, using `curl` to upload the file with the directory traversal in the filename, and analyzing the request to understand how the multipart data is structured.

Want to learn more? Get started with PentesterLab Pro! GO PRO