We were not able to access the passwd file using basic traversal payloads as the web application was validating the file type in the end. We used a null byte to bypass the file type check and were able to exploit the path traversal vulnerability.
We read the passwd file using curl and solved the lab
