diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb
index aada5eb..29d14b6 100644
--- a/spec/vulnerabilities/insecure_dor_spec.rb
+++ b/spec/vulnerabilities/insecure_dor_spec.rb
@@ -11,7 +11,7 @@ feature 'insecure direct object reference' do
 
     visit "/users/#{@normal_user.user_id}/benefit_forms"
     download_url = first('.widget-body a')[:href]
-    visit download_url.sub(/name=(.*?)&/, 'name=../../config/database.yml&')
+    visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&')
 
     pending(:if => verifying_fixed?) {
       page.status_code.should == 200