Directory traversal (also called path traversal) is a vulnerability that lets an attacker make a web application read files located outside the web server's document root.
An attacker can then reach sensitive files on the web server, such as:
- /etc/passwd
- /etc/shadow
- /proc/version
- /proc/mounts
- C:\WINDOWS/system32/win.ini (on Windows)
Say the web page links to its contact page with a URL of the form:
The application loads contact.php from the value passed in that URL.
So the URL becomes:
If the application is vulnerable to directory traversal, an attacker can replace that value with either an absolute path or a relative path (a sequence of ../ segments, whose depth has to be tried) to reach any file the web server process can read, for example:
At that point the system is compromised.
- Avoid reading files based on user input; map a fixed set of page names to files instead.
- Validate user input with a strong filter before processing it, and confirm that the resolved path still lies inside the document root.
- DotDotPwn: The Directory Traversal Fuzzer
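The two mitigations above, as an added example that is not part of the original post: a page loader that reads a file named by user input, shown first in its traversable form and then hardened with a containment check on the resolved path plus an allowlist of page names. The directory layout, the page name `contact.php`, the allowlist entries and the file contents are all constructed in a temporary directory for the demonstration.

```python
"""Added example (not from the original post): a page loader that reads a
file named by user input, first in a traversable form and then hardened with
root containment and an allowlist. Every path below is constructed inside a
temporary directory; nothing depends on the real filesystem layout."""
import os
import tempfile
from pathlib import Path

# Constructed layout: <tmp>/htdocs is the document root, <tmp>/outside holds a
# file that must never be served.
_BASE = Path(tempfile.mkdtemp(prefix="traversal_demo_")).resolve()
DOC_ROOT = _BASE / "htdocs"
OUTSIDE = _BASE / "outside"
DOC_ROOT.mkdir()
OUTSIDE.mkdir()
(DOC_ROOT / "contact.php").write_text("contact page")
(OUTSIDE / "secret.txt").write_text("not for the web")

# Assumed allowlist of page names this application serves (index.php is listed
# but deliberately not created, so requesting it fails on read, not on policy).
ALLOWED_PAGES = {"contact.php", "index.php"}


def load_page_vulnerable(page: str) -> str:
    """Traversable: joins raw input onto the root. '../' walks out of htdocs,
    and os.path.join() discards DOC_ROOT entirely when the input is absolute."""
    with open(os.path.join(DOC_ROOT, page)) as fh:
        return fh.read()


def resolve_in_root(page: str) -> Path:
    """Return the resolved path only if it stays inside DOC_ROOT."""
    if Path(page).is_absolute():
        raise ValueError("absolute paths are rejected")
    # resolve() collapses '..' and follows symlinks, so the check below sees
    # the real target rather than the textual path the client supplied.
    resolved = (DOC_ROOT / page).resolve()
    try:
        resolved.relative_to(DOC_ROOT)
    except ValueError:
        raise ValueError("path escapes the document root") from None
    return resolved


def load_page_hardened(page: str) -> str:
    """Containment check plus an allowlist of page names directly under the root."""
    resolved = resolve_in_root(page)
    if resolved.parent != DOC_ROOT or resolved.name not in ALLOWED_PAGES:
        raise ValueError("page is not on the allowlist")
    return resolved.read_text()


def is_safe(page: str) -> bool:
    """True if the hardened loader would serve the given input."""
    try:
        load_page_hardened(page)
        return True
    except (ValueError, OSError):
        return False


if __name__ == "__main__":
    probes = ["contact.php", "../outside/secret.txt", str(OUTSIDE / "secret.txt")]
    for p in probes:
        print(f"{p!r}: hardened loader -> {'served' if is_safe(p) else 'rejected'}")
```

The containment check has to run on the resolved path, not on the raw string: a filter that only strips the literal text `../` misses encoded, doubled or mixed-separator spellings, while `Path.resolve()` followed by `relative_to(DOC_ROOT)` judges where the request actually lands. The allowlist is the stronger control, since it removes the file-from-user-input pattern entirely.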