Pantsir
Created 30 Aug 2025, updated 13 Feb 2026
Analytics Logs (Path Traversal)
A Go analytics service exposes log download endpoints that concatenate user-controlled paths, enabling traversal outside the logs directory.
Go · 180 pts · 20 min

Story

You are on-call for the data platform team at a SaaS company. A new "debug logs" feature was shipped so internal analysts can quickly inspect ingestion logs without SSH access.

At 02:40 AM, security monitoring flags unusual requests like:

  • /logs?file=../go.mod
  • /logs2?file=../../../../etc/hosts

Both endpoints returned data that should never leave the server.

System Context

The service has two code paths that read log files:

  • GET /logs?file=... in files/main.go
  • GET /logs2?file=... in files/handlers/logs.go (registered by files/server.go)

Both endpoints are supposed to serve only files that live inside ./logs/.

Problem

The file name taken from the request is concatenated into a filesystem path without being canonicalized or checked for containment, so attacker-controlled segments such as ".." decide where the server reads from. Requests can therefore escape the intended logs folder and read files that belong to the application or the host runtime. In a real production environment this exposes source code, service configuration, secrets, and other artifacts that make follow-up compromise much easier.
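The following is an added illustration of the defect and its fix, not code from the lab's files/main.go or files/handlers/logs.go (the handler source is not on this page). The names vulnerableLogPath, safeLogPath and the logsDir constant are assumptions; the inputs are the two flagged requests from the alert plus constructed benign ones. vulnerableLogPath shows what path the concatenation actually resolves to, and safeLogPath shows the containment check a hardened handler needs: join, clean, then prove the result is still relative to the logs directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// logsDir is the only directory the log endpoints are meant to read from.
// Assumed name, taken from the lab description; the real handlers are not
// shown on this page.
const logsDir = "./logs"

var errOutsideLogs = errors.New("requested file lies outside the logs directory")

// vulnerableLogPath reproduces the defect the lab describes: the request
// parameter is glued onto the directory with no containment check.
// filepath.Clean is applied only to show, without touching disk, the path
// the OS would end up opening; "../go.mod" lands next to the logs directory.
func vulnerableLogPath(file string) string {
	return filepath.Clean(logsDir + "/" + file)
}

// safeLogPath is the hardened form. filepath.Join already cleans the path,
// but cleaning is not containment: the cleaned result must also be shown to
// be relative to logsDir. Anything whose relative form is ".." or starts
// with "../" escaped and is rejected.
func safeLogPath(file string) (string, error) {
	if file == "" {
		return "", errors.New("empty file name")
	}
	if filepath.IsAbs(file) {
		// Join would fold an absolute name under logsDir anyway, but an
		// absolute selector is never legitimate here, so reject it outright.
		return "", errOutsideLogs
	}
	base := filepath.Clean(logsDir)
	joined := filepath.Join(base, file) // ".." segments are resolved here
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", err
	}
	if rel == "." {
		return "", errors.New("selector names the logs directory, not a file")
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideLogs
	}
	return joined, nil
}

// resultString renders a (path, error) pair for the demonstration output.
func resultString(p string, err error) string {
	if err != nil {
		return "rejected (" + err.Error() + ")"
	}
	return p
}

func main() {
	// Constructed inputs: a benign log name, the two requests from the alert,
	// and an absolute path.
	inputs := []string{
		"ingest-2025-08-30.log",
		"../go.mod",
		"../../../../etc/hosts",
		"/etc/hosts",
	}
	for _, file := range inputs {
		safe, err := safeLogPath(file)
		fmt.Printf("file=%-26q vulnerable -> %-24s safe -> %s\n",
			file, vulnerableLogPath(file), resultString(safe, err))
	}
}
```

Two caveats for the fix. The relative-path check reasons about the string only: a symlink inside ./logs that points elsewhere still escapes, so resolve the joined path with filepath.EvalSymlinks and re-run the same check on the result, or on Go 1.24 and later open files through os.OpenRoot, which enforces containment at the OS level. And the check must run on the cleaned, joined path, not on the raw parameter; rejecting the literal substring ".." in the query string is easy to bypass with encoding and misses cases like "sub/../../go.mod".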

Goal

Find the exact vulnerable line in the project code.
