Mirage
NovaPan's log viewer seems a little too helpful. Can you see past the mirage?
The Scenario
NovaPan is a popular web hosting control panel used by thousands of small businesses. A recent security audit flagged the log viewer feature as 'low risk' after basic path traversal attempts were blocked. Your job is to prove the auditors wrong.
Challenge Intel
Synopsis
A beginner local file inclusion lab hiding behind a hosting panel's log viewer.
What It Is
NovaPan is a hosting control panel whose log-viewing feature looks harmless on the surface. The auditors waved it through because naive traversal attempts bounced off a basic filter, but a closer look at how paths are resolved tells a different story. It makes a good first contact with path-traversal and LFI-style thinking.
Who It's For
Beginners who want a friendly introduction to local file inclusion and path-traversal concepts.
Skills You'll Practice
- Path traversal against filtered inputs
- Local file inclusion fundamentals
- Filter-bypass reasoning for path handlers
- Recognising file-viewer abuse patterns
- Reading server responses for inclusion tells
What You'll Gain
- A confidence-building first LFI solve
- Working knowledge of how filters fail at the edges
- Appreciation for why shallow audits miss real bugs
- Vocabulary for describing traversal findings in reports