Directory Traversal Vulnerabilities

• Access the files which aren't usually accessible by manipulating file paths

Identifying and Exploiting Directory Traversals

• Identify URL query strings and form bodies containing references to files or folders
• Once identified, we can test by trying to read files any user on the system should be able to access (e.g.: on Linux /etc/passwd, on Windows: c:\windows\system32\drivers\etc\hosts)
• Example
  • http://10.11.0.22/menu.php?file=current_menu.php
  • http://10.11.0.22/menu.php?file=c:\windows\system32\drivers\etc\hosts

Relevant Note(s):