🧪 Input Validation Lab

🛡️ Only safe file names like readme.txt or info.txt are allowed. Try to bypass validation and access the hidden flag.txt.

📚 What is Path Traversal?

Path Traversal (a.k.a Directory Traversal) is a vulnerability that allows attackers to access files outside the intended directory by manipulating input paths.

💀 Example Attack:

Try inputs like:

../../flag.txt
../secret/flag.txt
../../etc/passwd (on Linux)

🔐 How to Prevent Path Traversal:

Never use user input directly in file paths.
Whitelist only expected filenames (as we do in this challenge).
Use secure libraries and sanitization functions to normalize paths.
Restrict file access to a specific directory using chroot or similar techniques.

📖 Learn More:

Visit OWASP Path Traversal Guide

🧬 Input Validation Challenge

📚 What is Path Traversal?

💀 Example Attack:

🔐 How to Prevent Path Traversal:

📖 Learn More: