From MRL Wiki
blackbox.smashthestack.org - level 4
This level is a directory traversal with a twist. User input is appended to "/usr/share/level5", and the resulting file is displayed to stdout. However, user input undergoes sanity checking before being appended.
The first step is that any characters matching "." or "/" at the beginning of the input string are skipped. Therefore the beginning of the input must contain a valid file or directory. Luckily a dummy subdirectory has been provided under /usr/share/level5.
The input string is then passed through two filters. The first pass strips any instance of the character sequence "/../". The second strips the character sequence "/./".
Because of the order of the filters, it's possible to retain a "/../" character sequence by including "/./.././" in the input string.
level4@blackbox:~$ ~/shared lyrics/./../././../././../././.././home/level5/password Contents of /usr/share/level5/lyrics/../../../../home/level5/password: <password displays>