bg_image
header

Directory Traversal

What is Directory Traversal?

Directory Traversal (also known as Path Traversal) is a security vulnerability in web applications that allows an attacker to access files or directories outside the intended directory. The attacker manipulates file paths to navigate through the server’s filesystem.

How Does a Directory Traversal Attack Work?

A vulnerable web application often processes file paths directly from user input, such as an URL:

https://example.com/getFile?file=report.pdf

If the server does not properly validate the input, an attacker could modify it like this:

https://example.com/getFile?file=../../../../etc/passwd

Here, the attacker uses ../ (parent directory notation) to move up the directory structure and access system files like /etc/passwd (on Linux).

Risks of a Successful Attack

  • Exposure of sensitive data (configuration files, source code, user lists)
  • Server compromise (stealing SSH keys or password hashes)
  • Code execution, if the attacker can modify or execute files

Prevention Measures

  • Input validation: Sanitize user input and allow only safe characters
  • Use secure file paths: Avoid directly using user input in file operations
  • Least privilege principle: Restrict the web server’s file access permissions
  • Whitelist file paths: Allow access only to predefined files

 


Created 3 Days 9 Hours ago
Categories
Object-oriented programming 25 Applications 53 Design Patterns 20 Strategies 112 Continuous Integration - CI 2 Testing 9 Characteristic 44 Protocols 19 Communication 9 Data Structure 5 Version Control 6
PHP 50 Python 4 Ruby 1 TypeScript 3 JavaScript 19 Erlang 2 Java 3 General 3 Python 0 Go 3 Perl 2
NoSQL 9 Relational Databases 16 Concepts 4 General 5 Data Warehouse 2 Time Series Databases 1 Data Types 1
Terraform 1 Cloud Computing 11 Server 4 Network 26 Virtualization 3 Ansible 1 Architecture 7 Characteristics 2
Cascading Style Sheets - CSS 3 Leaner Style Sheets - LESS 1 Syntactically Awesome Stylesheets - Sass 1
Attack Methods 18 Security Mechanisms 12 Organisations 1 Famous Security Loopholes 3
HTML 3 XML 4 Extensible Hypertext Markup Language - XHTML 1 Markdown 1
CSS 1
Kuenstliche Intelligenz 5
SCRUM 5 General 1 Kanban 1 Extreme Programming - XP 1 Crystal 5 Dynamic Systems Development Method - DSDM 1 Feature Driven Development - FDD 1
Applications 2
Characteristics 3 Strategies 2 Applications 2
Tags
XML Schema Definition - XSD 2 Number of entries with this tag Redundanz 1 Number of entries with this tag Acceptance Tests 8 Number of entries with this tag Continuous Deployment - CD 14 Number of entries with this tag Command Query Responsibility Segregation - CQRS 1 Number of entries with this tag Express.js 4 Number of entries with this tag Coroutines 2 Number of entries with this tag Structured Query Language - SQL 17 Number of entries with this tag Selenium 1 Number of entries with this tag DynamoDB 1 Number of entries with this tag Alpine.js 1 Number of entries with this tag Uniform Resource Locator - URL 9 Number of entries with this tag Exakat 1 Number of entries with this tag Kubernetes 2 Number of entries with this tag Java Virtual Machine - JVM 3 Number of entries with this tag
Latest Article

Media Queries

in Category

DevelopmentPrinciplesStrategies

Created 1 Day 0 Hours ago
Random Article

Extensible Markup Language - XML

in Category

DevelopmentMarkup LanguageXML

Created 1 Year ago
Random Tech

Cypress

cypress_logo_social.png