corbonium wrote:I completed this mission, but maybe by luck, if you count educated guesses as luck. So I have a question:
How do you know that directory traversal is the key? I could not find any evidence that anything is stored in different directories at all.
You don't really know that it is key! Just like you wouldn't know if a web-site filters SQLi, or XSS... You test it out, and if it works, you know it is vulnerable to such attacks, and if it fails, you know it is not vulnerable to those attacks. The first page was overwritten by another index file tells you that the user was able to upload his index page, and replace the actual index file, on the site. With that information, you know that there should be a way to upload a new index file onto the site. The obvious attack choice is directory traversal attack when you see there is a upload form.