Directory traversal

Directory traversal allows attackers to gain access to files outside of the web root that should not be accessible through a web application. These attacks result in information disclosures and occur when attackers are able to manipulate file paths.

Detection

Directory traversal vulnerabilities are often identified through the presence of file extensions in URLs.

10.14.2.55/menu.php?file=index.php

If the user input is not validated, we may be able to modify the file path using "../" or "..\", and then attempting to access system files that should not be accessible through the web application.

Linux - /etc/passwd
Windows - c:\boot.ini
Windows - c:windows\win.ini
Windows - c:\windows\system32\drivers\etc\hosts

If input is validated, for example if dots and slashes are restricted, try URL, double URL, and Unicode encoding to bypass these filters.

URL encoding: %2e%2e%2ef%2e%2e%2e%2f%2e%2e%2fetc%2fpasswd