https://hexpysya.github.io/tags/path-traversal/Recent content in Path Traversal on bubka hacks stuffHugo -- gohugo.ioen-usThu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-passwd-found-in-requested-url---possible-lfi-attack/Thu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-passwd-found-in-requested-url---possible-lfi-attack/An external Tencent Cloud IP sent a single LFI request targeting /etc/passwd via path traversal. The server returned HTTP 500 with an empty response body, confirming the attack did not succeed.https://hexpysya.github.io/blue_team/ld-arbitrary-file-read-on-checkpoint-security-gateway-cve-2024-24919/Tue, 31 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-arbitrary-file-read-on-checkpoint-security-gateway-cve-2024-24919/An attacker exploited CVE-2024-24919 against a Check Point Security Gateway, successfully reading /etc/passwd via a path traversal payload. A second request targeting /etc/shadow from a related IP was blocked. The attack succeeded and the endpoint was escalated to Tier 2.https://hexpysya.github.io/investigations/htb-conversor/Mon, 19 Jan 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-conversor/Flask web application vulnerable to path traversal during file uploads. Exploited by uploading Python reverse shell to cron-executed directory → gained www-data shell → extracted MD5 hashes from SQLite database → cracked password for user fismathack → leveraged CVE-2024-48990 in needrestart 3.7 for privilege escalation to root.