Directory Traversal Vulnerability being Exploited in PinewoodStore and get /etc/passwd
Details
| Title | Directory Traversal Vulnerability being Exploited in PinewoodStore and get /etc/passwd |
| Author | GamefiedHacking |
| Duration | 2:27 |
| File Format | MP3 / MP4 |
| Original URL | https://youtube.com/watch?v=RZzcDzofTAg |
Description
Directory Traversal Vulnerability being Exploited in PinewoodStore to get the contents of /etc/passwd
🛒 **PinewoodStore Vulnerable App – Official Release**
Practice and learn web application security using the PinewoodStore application — a vulnerable Java Spring Boot app built for ethical hackers, pentesters, and security students. Now available as a Dockerized setup!
🔗 **GitHub Repository For the Hacking Lab**
[https://github.com/enochgitgamefied/pinewoodstoredocker](https://github.com/enochgitgamefied/pinewoodstoredocker)
📌 **How to Get Started**
1. Clone the repo:
```
git clone https://github.com/enochgitgamefied/pinewoodstoredocker.git
cd pinewoodstoredocker
```
2. Build and run:
```
docker-compose up --build
```
App runs at: [http://localhost:8088](http://localhost:8088)
🌐 **Running on a remote server?**
Replace all `localhost` values in `docker-compose.yml` with your server IP, for example:
if your remote server has IP address 192.168.1.100
- API_BASE_URL=http://192.168.1.100:8088
- API_BASE_URL_DIAG=http://192.168.1.100:84
- API_BASE_URL_PINEWOODSTORE=http://192.168.1.100:8088/welcome
🎯 **Included Vulnerabilities**
* Server Side Request Forgery (SSRF)
* Reflected Cross Site Scripting (XSS)
* Stored Cross Site Scripting (XSS)
* External XML Entity (XXE)
* Remote File Inclusion (RFI)
* Local File Inclusion (LFI)
* Directory Traversal
* Remote Code Execution (RCE)
* Server Side JSON Injection
* JWT Token Tampering
* DOM Based XSS
* Spring SPEL Injection
* Command Injection
* HTTP Request Smuggling
* File Upload Bypass
* Command Injection
* HTML Injection
🎥 Check the README for demo links to YouTube tutorials on each vulnerability.
**Background Music Info**
The background music used in this video is for **demo purposes only** and is **not included** in the GitHub repository due to copyright restrictions.
If you would like to use the same music, you must obtain the proper license from the creator.
✅ Request usage permission or download the track from this link:
👉https://uppbeat.io/track/soundroll/tropicana?rt=uc-referral
⚠️ For educational use only. Run in isolated test environments.
