WebGoat: Bypass a Path Based Access Control Scheme

Task:
The ‘guest’ user has access to all the files in the lesson_plans directory. Try to break the access control mechanism and access a resource that is not in the listed directory. After selecting a file to view, WebGoat will report if access to the file was granted. An interesting file to try and obtain might be a file like tomcat/conf/tomcat-users.xml

This lesson can be solved by intercepting the filename in Burpsuite and replacing it with …/tomcat-users.xml which is a file located in a folder below the current directory.

Principle: a `..` path segment means the parent directory, not a listing of the current one. WebGoat builds the path it reads by prepending its lesson_plans directory to the filename taken from the request, so a filename that begins with one or more `..\` (or `../`) segments climbs out of lesson_plans instead of staying inside it, and the server happily serves whatever the resulting path points at.
1. Choose any file and click the View File button to view it, with Burpsuite intercepting the request at the same time. I chose the HttpSplitting.html file here.
2. Find the circled filename HttpSplitting and change it to …\conf\tomcat-users.xml
3. Click Forward and check the result.
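As an added example (not code from the original post and not WebGoat's own Java implementation), the following Python models the check the three steps above defeat: a reader that simply prepends the lesson_plans directory to the request-supplied filename, beside a hardened reader that canonicalises the result and refuses anything that leaves the base directory. Python is used so the example runs stand-alone. The directory tree, the file contents and every helper name in it are constructed for this demonstration and are not taken from a real Tomcat install.

```python
# Added example, not part of the original write-up or of WebGoat's own code.
# A small model of the "path based access control" the lesson targets: the
# server trusts that any filename it prepends lesson_plans/ to stays inside
# lesson_plans/. The directory tree and file contents are constructed here
# in a temporary directory purely for the demonstration.
import os
import tempfile
from pathlib import Path


def build_demo_tree() -> Path:
    """Create <root>/webapps/WebGoat/lesson_plans/English/HttpSplitting.html and
    <root>/conf/tomcat-users.xml (constructed contents), mimicking a Tomcat layout."""
    root = Path(tempfile.mkdtemp(prefix="webgoat-demo-"))
    plans = root / "webapps" / "WebGoat" / "lesson_plans" / "English"
    plans.mkdir(parents=True)
    (plans / "HttpSplitting.html").write_text("<html>HTTP Splitting lesson plan</html>")
    (root / "conf").mkdir()
    (root / "conf" / "tomcat-users.xml").write_text(
        '<tomcat-users><user username="webgoat" password="webgoat" roles="webgoat"/></tomcat-users>'
    )
    return root


def plans_dir(root: Path) -> Path:
    """The directory the 'guest' user is allowed to read from."""
    return root / "webapps" / "WebGoat" / "lesson_plans" / "English"


def read_file_vulnerable(plans: Path, filename: str) -> str:
    """Vulnerable: the only 'access control' is the directory prefix the server
    prepends. '..' segments in the request-controlled filename are handed to the
    OS untouched and walk out of it. Backslashes are treated as separators to
    model a Windows host, which is what a ..\\conf\\... payload relies on."""
    target = os.path.join(str(plans), filename.replace("\\", "/"))
    with open(target) as fh:
        return fh.read()


def read_file_hardened(plans: Path, filename: str) -> str:
    """Hardened: canonicalise the final path (collapsing '..' and following
    symlinks) and refuse anything that does not remain under the base directory.
    A string prefix check on the *unresolved* path would not be enough."""
    base = plans.resolve()
    target = (base / filename.replace("\\", "/")).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"access denied: {filename!r} escapes {base}")
    return target.read_text()


def hardened_allows(plans: Path, filename: str) -> bool:
    """True if the hardened reader serves the file, False if it refuses."""
    try:
        read_file_hardened(plans, filename)
        return True
    except PermissionError:
        return False


def traversal_payload(plans: Path, root: Path, rel_target: str) -> str:
    """Build the filename that climbs from plans up to root and then into
    rel_target: one '../' per directory level between them (four here)."""
    depth = len(plans.resolve().relative_to(root.resolve()).parts)
    return "../" * depth + rel_target


if __name__ == "__main__":
    root = build_demo_tree()
    plans = plans_dir(root)
    payload = traversal_payload(plans, root, "conf/tomcat-users.xml")
    print("payload:", payload)
    print("vulnerable reader returns:", read_file_vulnerable(plans, payload))
    print("hardened reader allows it:", hardened_allows(plans, payload))
```

Running it prints the payload `../../../../conf/tomcat-users.xml`, the contents of the constructed tomcat-users.xml as returned by the vulnerable reader, and `False` for the hardened one. The number of `..` segments is whatever separates the lesson_plans directory from the target on the real server, so against a real WebGoat install you may need more segments than a hint shows; supplying too many is harmless on most systems, since `..` at the filesystem root stays at the root.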


Reposted from blog.csdn.net/lay_loge/article/details/88642937