Directory traversal attack

A directory traversal, path traversal, or dot-dot-slash attack exploits insufficient security validation or sanitization of user-supplied file names, such that characters representing "traverse to parent directory" are passed through to the operating system's file system API. An affected application can be exploited to gain unauthorized access to the file system.

== Examples ==

=== In PHP ===

A typical example of a vulnerable application in PHP code is:

An attack against this system could be to send the following HTTP request:

The server would then generate a response such as:

The repeated ../ characters after /home/users/phpguru/templates/ have caused include() to traverse to the root directory, and then include the Unix password file /etc/passwd.
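An added example, not part of the original article: a containment check that canonicalizes the requested template path with realpath() and accepts it only if it stays inside the template directory. The helper name `resolve_template` and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not code from the article. resolve_template() is a
// hypothetical helper; the demo directory below is constructed.

/**
 * Map a user-supplied template name to a file inside $baseDir.
 * Returns the canonical path, or null when the name is empty, contains a
 * NUL byte, does not exist, or resolves outside $baseDir.
 */
function resolve_template(string $baseDir, string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" segments and follows symlinks, so the
    // comparison below sees the path the file system would really open.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Trailing separator stops "/templates_old" matching "/templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo: a temporary template directory with one template and a
// sibling directory whose name shares the same prefix.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal_demo_' . getmypid();
mkdir($root . '/templates', 0700, true);
mkdir($root . '/templates_old', 0700, true);
file_put_contents($root . '/templates/blue.php', "<?php echo 'blue';\n");
file_put_contents($root . '/templates_old/secret.php', "<?php echo 'old';\n");

$requests = ['blue.php', '../../../../../../etc/passwd', '../templates_old/secret.php', 'missing.php'];
foreach ($requests as $name) {
    $path = resolve_template($root . '/templates', $name);
    printf("%-32s %s\n", $name, $path === null ? 'rejected' : 'accepted');
}
```

Only the returned canonical path, never the raw request value, would then be handed to include().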

Source: Wikipedia — Directory traversal attack (CC BY-SA 4.0)
