I am working on this problem:
https://www.hackthissite.org/missions/realistic/3/
The site above has been hacked and it is our job to return it back to its original state. I started by looking at the source code. The hacker left a comment reading:
"Note to the webmaster This website has been hacked, but not totally destroyed. The old website is still up. I simply copied the old index.html file to oldindex.html and remade this one. Sorry about the inconvenience."
Therefore I went to https://www.hackthissite.org/missions/realistic/3/oldindex.html
I then clicked on submit poetry. In the name field I put ../index.html and in the poem field I put the source code of the page:
www(dot)hackthissite.org(dot)missions/realistic/3/oldindex(dot)html.
I got the right answer; however, I don't quite get how this works.
First of all, how do you know when something is susceptible to directory traversal? I did it because I looked at the forums, but how would I know that directory traversal is an option?
If you click on read poem --> 'poem name' you get a URL like this:
www(dot)hackthissite(dot)org/missions/realistic/3/readpoem(dot)php?name=The%20Idiot
In that case wouldn't the final URL using ../index.html be:
www(dot)hackthissite(dot)org/missions/realistic/3/?name=index(dot)html
not www(dot)hackthissite(dot)org/missions/realistic/3/index(dot)html
Sorry for the (dot). I need more reputation to post more links.
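
An added example, not part of the original post and not the mission's own code: it shows how a submitted name is resolved as a file path on the server rather than as part of the URL, and the containment check that rejects `../index.html`. It assumes poems are saved in a `poems/` subdirectory of the mission folder, which the post does not show; `WEB_ROOT`, `POEM_DIR` and all function names are hypothetical.

```python
import posixpath

# Assumed layout (hypothetical; the post does not show the server code):
# submitted poems are stored one level below the mission's web root.
WEB_ROOT = "/missions/realistic/3"
POEM_DIR = WEB_ROOT + "/poems"

# Constructed sample names, including the one used in the post.
SAMPLES = ["The Idiot", "../index.html", "sub/../note", "a/../../index.html"]


def naive_target(name):
    """Path written to when the name is joined onto POEM_DIR unchecked."""
    return posixpath.normpath(posixpath.join(POEM_DIR, name))


def safe_target(name):
    """Resolve the name and refuse anything that leaves POEM_DIR.

    The check here is lexical only; on a real filesystem resolve
    symlinks first (os.path.realpath) and then compare.
    """
    if not name or "\x00" in name:
        raise ValueError("invalid name")
    target = posixpath.normpath(posixpath.join(POEM_DIR, name))
    inside = posixpath.commonpath([POEM_DIR, target]) == POEM_DIR
    if not inside or target == POEM_DIR:
        raise ValueError("name escapes poem directory: %r" % name)
    return target


def classify(names):
    """Map each name to its safe path, or None when it is rejected."""
    result = {}
    for name in names:
        try:
            result[name] = safe_target(name)
        except ValueError:
            result[name] = None
    return result


if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), "naive ->", naive_target(name),
              "| checked ->", classify([name])[name])
```

The name never becomes a query string on the index page: the unchecked join turns `poems/../index.html` into the mission's `index.html`, which is the file the web server later serves.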