-page-....-2f-2f....-2f-2f....-2f-2fetc-2fpasswd Info

The input you provided, -page-....-2F-2F....-2F-2F....-2F-2Fetc-2Fpasswd , is a classic example of a Path Traversal

in your specific example) represents the forward slash character ( How the Vulnerability Works This attack exploits Local File Inclusion (LFI) -page-....-2F-2F....-2F-2F....-2F-2Fetc-2Fpasswd

Keep Software Up-to-Date: Regularly update your operating systems, web servers, and applications to ensure you have the latest security patches.
Implement Security Filters: Use Web Application Firewalls (WAFs) and security filters to detect and prevent common web attacks, including path traversal and command injection.
Monitor Logs: Regularly monitor server logs to detect suspicious activity and potential security breaches.
Use Secure Protocols: Use secure communication protocols, such as HTTPS, to encrypt data transmitted between the client and server.
Limit Access: Restrict access to sensitive files and directories, such as /etc/passwd, to authorized users only.

%252F (double encoding)
..;/ (semicolon)
....// (as seen here)
Unicode encoded slashes

-2F-2F (double slash) or ....-2F-2F (extended dots) aims to bypass filters that only look for a single ../ sequence. The input you provided, -page-

Mitigating Path Traversal Attacks

....// in many URL parsers or path normalization functions (especially on older or misconfigured systems) collapses to ../ because: Keep Software Up-to-Date : Regularly update your operating

To defend against these attacks, you can implement the following features in your application or Web Application Firewall (WAF): Positive Input Validation (Allowlisting):

$page = $_GET['page'];
include("/var/www/html/" . $page);

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.