# Directory traversal

Directory traversal allows attackers to gain access to files outside of the web root that should not be accessible through a web application.  These attacks result in *information disclosures* and occur when attackers are able to manipulate file paths.

#### Detection

Directory traversal vulnerabilities are often identified by the presence of file names or file extensions in URL parameters, which suggests that the parameter value is used to build a filesystem path.

```
10.14.2.55/menu.php?file=index.php
```

If the user input is not validated, we may be able to modify the file path using `../` or `..\` and then attempt to access system files that should not be accessible through the web application.

```
Linux - /etc/passwd
Windows - c:\boot.ini
Windows - c:\windows\win.ini
Windows - c:\windows\system32\drivers\etc\hosts
```
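The fix on the server side is to canonicalise the requested path before touching the filesystem and refuse anything that resolves outside the web root. The following Python is an added example written for this page, not code from the original; the web root used in the demo (`/srv/www-example`) is a placeholder, and `resolve_under_root` is a hypothetical helper name.

```python
import os
from typing import Optional


def resolve_under_root(web_root: str, requested: str) -> Optional[str]:
    """Map a user-supplied file name onto the web root.

    Returns the canonical absolute path if it stays inside web_root,
    otherwise None (the caller should answer 403/404 and log the request).
    """
    # Embedded NUL bytes truncate paths in C-based file APIs; reject outright.
    if "\x00" in requested:
        return None
    root = os.path.realpath(web_root)
    # Leading slashes or backslashes would otherwise turn the request into an
    # absolute path and discard the root; treat every request as root-relative.
    relative = requested.lstrip("/\\")
    # realpath collapses "." and ".." and follows symlinks, so a traversal such
    # as "../../../etc/passwd" canonicalises to "/etc/passwd" and fails the
    # containment test below.
    candidate = os.path.realpath(os.path.join(root, relative))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed requests, mirroring the menu.php?file= parameter above.
    for requested in ("index.php", "../../../etc/passwd",
                      "/etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        result = resolve_under_root("/srv/www-example", requested)
        print(f"{requested!r:32} -> {'REJECT' if result is None else result}")
```

The check runs on the value the web server has already URL-decoded once, which is why double encoding is harmless here: `%252e%252e%252f` arrives in the handler as the literal string `%2e%2e%2f`, which is just an odd file name inside the root and simply does not exist. Because `realpath` follows symlinks, a link inside the web root that points outside it is also rejected; if a site relies on such links deliberately, the allowed roots need to be listed explicitly rather than inferred.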

If the input is validated, for example if dots and slashes are filtered out, try URL encoding, double URL encoding, and Unicode encoding of those characters to bypass the filter.

```
URL encoding of ../../../etc/passwd: %2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
```
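Because the same encoding tricks show up in access logs, detection has to normalise a request the same way a lenient server would before looking for `..` segments. The Python below is an added example for this page, not code from the original: it percent-decodes each request path repeatedly (bounded, so double encoding is unwrapped), treats backslashes as separators, and runs the check over a few constructed Apache-style log lines (client `192.0.2.10` is a documentation address, and `scan_log`, `has_traversal` and `fully_decode` are hypothetical helper names).

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3

# A ".." segment bounded by a path separator, a query delimiter, or the string
# edge. Backslashes count as separators because Windows-hosted servers accept
# them; "app..min.js" has no separator after the dots and is not flagged.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/?=&])\.\.(?:[\\/]|$)")

# Apache combined-log fields we need: client, method, request path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2024:12:00:01 +0000] "GET /menu.php?file=index.php HTTP/1.1" 200 512
192.0.2.10 - - [10/Mar/2024:12:00:02 +0000] "GET /menu.php?file=../../../etc/passwd HTTP/1.1" 200 1870
192.0.2.10 - - [10/Mar/2024:12:00:03 +0000] "GET /menu.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1870
192.0.2.10 - - [10/Mar/2024:12:00:04 +0000] "GET /menu.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1870
192.0.2.10 - - [10/Mar/2024:12:00:05 +0000] "GET /menu.php?file=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 210
192.0.2.10 - - [10/Mar/2024:12:00:06 +0000] "GET /static/app..min.js HTTP/1.1" 200 9000
"""


def fully_decode(value: str, rounds: int = MAX_DECODE_ROUNDS) -> str:
    """Percent-decode until the string stops changing, at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(raw_request_path: str) -> bool:
    """True if the request path contains a '..' segment once fully decoded."""
    return TRAVERSAL_RE.search(fully_decode(raw_request_path)) is not None


def scan_log(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, raw path, decoded path) for every suspicious request."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        client, _method, path = match.groups()
        if has_traversal(path):
            hits.append((client, path, fully_decode(path)))
    return hits


if __name__ == "__main__":
    for client, raw, decoded in scan_log(SAMPLE_LOG):
        print(f"{client}  {raw}  ->  {decoded}")
```

The decode loop is deliberately bounded: three rounds is enough to unwrap double encoding, while an unbounded loop would keep decoding legitimate literal `%25` sequences. Overlong or malformed UTF-8 variants are not normalised by `unquote`, so this scanner is a triage aid; the containment check on the server is the control that actually stops the request.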
