Path Traversal (Directory Traversal)
Path traversal allows attackers to read arbitrary files on the server by manipulating file path inputs with ../ sequences, bypassing the intended directory. Simple to exploit, devastating if successful.
Path Resolution
Allowed base: /var/www/files/
Bypass Techniques
../ | %2e%2e%2f
..%252f | %c0%ae%c0%ae/
null byte injection
Windows: ..\
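A containment check for the allowed base above that handles each encoding in the bypass list, as an added example (not code from the original page). The function names, the `TraversalError` class and the sample inputs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

BASE = "/var/www/files"  # allowed base from the page, without trailing slash

class TraversalError(ValueError):
    """Raised when a requested path is malformed or escapes BASE."""

def decode_fully(raw: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable so ..%252f cannot survive as ..%2f."""
    current = raw
    for _ in range(max_rounds):
        try:
            # Strict UTF-8 rejects overlong forms such as %c0%ae ('.').
            decoded = unquote_to_bytes(current).decode("utf-8")
        except UnicodeDecodeError as exc:
            raise TraversalError("invalid UTF-8 in path") from exc
        if decoded == current:
            return decoded
        current = decoded
    raise TraversalError("too many encoding layers")

def resolve_safe(user_path: str, base: str = BASE) -> str:
    """Return the normalized path under base, or raise TraversalError."""
    path = decode_fully(user_path)
    if "\x00" in path:
        raise TraversalError("null byte in path")
    path = path.replace("\\", "/")  # treat Windows separators as separators
    # Lexical check only; on a real filesystem also resolve symlinks
    # (os.path.realpath) before comparing against the base.
    resolved = posixpath.normpath(posixpath.join(base, path))
    if posixpath.commonpath([base, resolved]) != base:
        raise TraversalError(f"escapes {base}: {resolved}")
    return resolved

def check(user_path: str) -> str:
    """Report 'ALLOWED <path>' or 'BLOCKED <reason>' for one input."""
    try:
        return "ALLOWED " + resolve_safe(user_path)
    except TraversalError as exc:
        return "BLOCKED " + str(exc)

if __name__ == "__main__":
    # Constructed sample inputs covering the encodings in the list above.
    for sample in ["docs/report.pdf", "../../etc/passwd", "%2e%2e%2fetc/passwd",
                   "..%252f..%252fetc/passwd", "%c0%ae%c0%ae/etc/passwd",
                   "report.pdf%00.png", "..\\..\\secret.txt"]:
        print(f"{sample!r:32} -> {check(sample)}")
```

The check runs on the decoded, normalized path rather than on the raw string, which is why filtering for a literal `../` alone misses the encoded variants.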