Analytics Logs (Path Traversal)

Pantsir has just launched. If you find any issues, report to @kartik_mehta8.
For companies wanting to publish their own lab, contact @kartik_mehta8 or mail at hello@pantsir.cc.

PantsirПанцирь

Preparing access

Checking your lab membership...

Created 30 Aug 2025Updated 30 Aug 2025

Analytics Logs (Path Traversal)

A logs endpoint reads files by name from a logs directory without path sanitization, allowing traversal.

go180 pts20 min

Overview

The Analytics service exposes multiple endpoints that return the contents of log files for debugging:

GET /logs?file=... (in files/main.go)
GET /logs2?file=... (in files/server.go + files/handlers/logs.go)

An incident revealed arbitrary file reads on the host by abusing .. path traversal.

Your task: identify where traversal occurs and propose a safe join pattern. See files/utils/fs.go for a safe join example (not used by the vulnerable handlers).

Recently created

Jump to the latest lab.

Auth Service (PHP) - SQL Injection & Weak Hash

A PHP auth endpoint concatenates user input into SQL and uses md5 for passwords.

phpmedium

Files

analytics-path-traversal-go

Wrap

Content locked

Join this lab to access the content.

handlers/logs.gogo