Directory traversal (also known as file path traversal)ΒΆ
Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files.
In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behaviour, and ultimately take full control of the server.
It remains a fairly common vulnerability, especially in legacy systems, misconfigured servers and in APIs & file-handling functions. Directory Traversal still appears in real-world applications, though less frequently than SQLi or XSS. Testing for it is not a waste of time, but focus on high-risk areas first.
Directory Traversal can on oaccasion still be a relevant threat in file-processing apps, APIs, and older systems:
- File path traversal, simple case
- File path traversal, traversal sequences blocked with absolute path bypass
- File path traversal, traversal sequences stripped non-recursively
- File path traversal, traversal sequences stripped with superfluous URL-decode
- File path traversal, validation of start of path
- File path traversal, validation of file extension with null byte bypass