Directory Traversal Vulnerabilities
- Access the files which aren’t usually accessible by manipulating file paths
Identifying and Exploiting Directory Traversals
- Identify URL query strings and form bodies containing references to files or folders
- Once identified, we can test by trying to read files any user on the system should be able to access (e.g.: on Linux
/etc/passwd, on Windows:c:\windows\system32\drivers\etc\hosts) - Example
http://10.11.0.22/menu.php?file=current_menu.phphttp://10.11.0.22/menu.php?file=c:\windows\system32\drivers\etc\hosts
Relevant Note(s):