Corridor
A small literary press publishes their quarterly journal online. Every piece — story, essay, poem — lives on disk as a page fragment. When you click through to read one, the server fetches that fragment and assembles the page. The path handling is… not careful.
The Scenario
Ridgeline Press is a three-person independent literary press in the Pacific Northwest. They publish a quarterly journal of fiction, essays, and poetry, and their site is a static-as-it-gets PHP app that loads each piece from a file on disk. No CMS, no database — just a folder of HTML fragments and one unlucky `readfile` call.
Read the site. Find what shouldn't be there.
Lab Intel
Synopsis
Find the file the editors forgot to move.
Architecture
A beginner-friendly PHP + Apache literary-press site that loads each published piece from disk via a user-controlled slug. One-page LFI, no filters, no null-byte tricks — just `../`.
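The pattern the Architecture note describes, as an added example that is not the lab's own source (this page does not show Ridgeline Press's code): the unsafe `readfile`-with-slug handler beside a hardened version. The `pieces/` directory, the `slug` parameter name and the slug format are assumptions made for the illustration.

```php
<?php
// Added illustration, not the lab's code. Assumes the published fragments live
// in a directory named pieces/ next to this script (hypothetical layout) and are
// selected by a ?slug= query parameter (hypothetical name).

declare(strict_types=1);

const PIECES_DIR = __DIR__ . '/pieces';   // assumed location of the HTML fragments

// --- Unsafe form: the slug is concatenated straight into the filesystem path. ---
// A slug containing "../" walks out of PIECES_DIR, and readfile() returns
// whatever file the web server user can read. This is the bug the lab is built on.
function renderPieceUnsafe(string $slug): void
{
    readfile(PIECES_DIR . '/' . $slug . '.html');
}

// --- Hardened form: allow-list the slug, then confirm the resolved path stays in PIECES_DIR. ---
// Returns the canonical path of the fragment, or null if the slug is not acceptable.
function resolvePieceSafe(string $slug): ?string
{
    // 1. Allow-list the slug shape: lowercase alphanumerics joined by single hyphens.
    //    Rejecting "/" and "." up front removes every traversal sequence.
    if (!preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $slug)) {
        return null;
    }

    // 2. Defence in depth: canonicalise both ends and compare prefixes.
    //    realpath() collapses ".." and symlinks, and returns false for a missing file.
    $baseDir = realpath(PIECES_DIR);
    $target  = realpath(PIECES_DIR . '/' . $slug . '.html');
    if ($baseDir === false || $target === false) {
        return null;
    }
    $prefix = $baseDir . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;   // resolved outside the fragments directory
    }
    return $target;
}

function renderPieceSafe(string $slug): void
{
    $path = resolvePieceSafe($slug);
    if ($path === null) {
        http_response_code(404);
        echo 'No such piece.';
        return;
    }
    readfile($path);
}

// Only the hardened handler should be wired to the route.
renderPieceSafe((string)($_GET['slug'] ?? ''));
```

The allow-list check is the real fix; the `realpath` prefix comparison is there so that a later change to the slug rules (say, permitting dots) cannot quietly reopen the hole. On the detection side, a slug parameter that ever contains `../`, `%2e%2e` or an absolute path in the Apache access log is a request the legitimate site would never generate and is worth alerting on.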
Who It's For
Newcomers comfortable with one injection lab who are ready to learn that input going into a filesystem path is just as dangerous as input going into SQL.
Skills You'll Practice
- Reading robots.txt as a discovery aid
- Recognising the shape of include / readfile patterns in URL parameters
- Basic `../` path traversal
What You'll Gain
- A mental model for filesystem-layer input attacks
- Vocabulary: LFI, path traversal, directory escape
- A third solve in a different flavour from SQLi and IDOR — filesystem, not data, not access control