Traverse
Traverse Docs' knowledge base. A clean documentation site — but how does it serve those pages under the hood?
The Scenario
Traverse is a four-person developer-tools startup out of Berlin that launched their API product in 2023 and rewrote the docs portal last month after a Show-HN thread complained the old one felt sluggish. The new version was put together by the founding engineer in a single caffeinated weekend, modelled on a tutorial blog post they half-read on the plane home from a conference. It looks the part — they have not yet had time to revisit how it actually serves pages.
Challenge Intel
Synopsis
A beginner local file inclusion lab hiding behind a professional-looking documentation site.
What It Is
Traverse Docs renders its knowledge base by loading pages dynamically based on user-supplied identifiers. That convenience feature was implemented without the guardrails you'd want on any filesystem-backed loader. A friendly introduction to path-traversal and LFI thinking in a clean, believable environment.
Who It's For
Beginners practising path traversal on a realistic but forgiving target.
Skills You'll Practice
- Path traversal fundamentals
- Local file inclusion against content loaders
- Recognising unsafe file-resolution patterns
- Basic payload iteration and tuning
- Reading responses for inclusion signals
What You'll Gain
- A satisfying first LFI solve on a professional-feeling app
- A foundation of path-traversal intuition to build on
- Familiarity with how docs and CMS features can go wrong
- Vocabulary to describe LFI findings in write-ups