# Directory traversal

Directory traversal allows attackers to gain access to files outside of the web root that should not be accessible through a web application.  These attacks result in *information disclosures* and occur when attackers are able to manipulate file paths.

#### Detection

Directory traversal vulnerabilities are often identified through the presence of file extensions in URLs.

```
10.14.2.55/menu.php?file=index.php
```

If the user input is not validated, we may be able to modify the file path using "../" or "..\\" and then attempt to access system files that should not be accessible through the web application.

```
Linux - /etc/passwd
Windows - c:\boot.ini
Windows - c:\windows\win.ini
Windows - c:\windows\system32\drivers\etc\hosts
```

If input is validated, for example if dots and slashes are restricted, try URL, double URL, and Unicode encoding to bypass these filters.

```
URL encoding: %2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
```
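The encoding bypass described above works because a filter matches character patterns, not the path the file system finally opens. The following is an added example, not code from the original notes: it compares a pattern filter with a check that decodes, canonicalizes, and confirms the result stays under the web root. `WEB_ROOT`, the function names, and the assumption that the weak filter sees the raw, undecoded value are all hypothetical.

```python
import os
from urllib.parse import quote, unquote

WEB_ROOT = "/var/www/html/pages"  # assumed directory the `file` parameter may read from

def naive_filter(value: str) -> bool:
    """Weak check: rejects only literal ../ and ..\\ in the raw, undecoded value."""
    return "../" not in value and "..\\" not in value

def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, unwrapping double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many encoding layers")

def resolve_under_root(value: str, root: str = WEB_ROOT) -> str:
    """Return the canonical path for value inside root, or raise ValueError."""
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    root_real = os.path.realpath(root)
    # realpath collapses ".." and symlinks; an absolute input replaces the root in join()
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes web root")
    return candidate

def audit(values):
    """Map each value to (passes_naive_filter, accepted_by_canonical_check)."""
    results = {}
    for v in values:
        try:
            resolve_under_root(v)
            accepted = True
        except ValueError:
            accepted = False
        results[v] = (naive_filter(v), accepted)
    return results

# Constructed sample values for the `file` parameter, encoded programmatically
TRAVERSAL = "../../../etc/passwd"
SAMPLES = ["index.php", TRAVERSAL, quote(TRAVERSAL, safe=""),
           quote(quote(TRAVERSAL, safe=""), safe="")]

if __name__ == "__main__":
    for value, (naive_ok, canonical_ok) in audit(SAMPLES).items():
        print(f"{value!r}: naive={naive_ok} canonical={canonical_ok}")
```

The single- and double-encoded values pass the pattern filter but are rejected by the containment check, which does not need to recognize any particular encoding.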

