Introduction
In web security testing, even simple mistakes can lead to serious vulnerabilities. One such issue is Directory Traversal, also known as Path Traversal.
This vulnerability allows attackers to break out of restricted directories and access sensitive files stored on the server.
What is Directory Traversal?
Directory Traversal is a vulnerability where user-controlled input is used to access files without proper validation.
As a result, attackers can read files that should never be exposed, such as system configurations, application code, or user data.
Understanding the Concept
Many web applications load files dynamically. For example:
https://example.com/view-image?filename=robot.png
The server may internally look for the file like this:
/var/www/images/robot.png
If input validation is weak, an attacker can manipulate the request:
../../../../etc/passwd
Each "../" moves one directory up. By chaining multiple traversals, the attacker can escape the intended folder and access system-level files.
Why is it Dangerous?
This vulnerability can expose:
System files (e.g., /etc/passwd)
Application source code
Configuration files containing credentials
Internal directory structures
Practical Lab Approach
To understand this vulnerability better, practice in controlled labs.
Step 1: Capture the Request
Use an intercepting proxy to monitor requests for file loading.
Step 2: Identify Parameters
Look for parameters like:
GET /image?filename=15.jpg
Step 3: Modify the Input
../../../etc/passwd
Step 4: Observe Output
If the server returns file contents, the application is vulnerable.
Common Bypass Techniques
Even if filters are applied, attackers may bypass them using:
Encoded Payloads
%2e%2e%2f
Obfuscated Traversal
....//
Direct Paths
/etc/passwd
Prevention Techniques
Do Not Trust User Input
Never allow user input to directly control file paths.
Strict Input Validation
Allow only expected characters and patterns.
Use Whitelisting
Restrict file access to predefined filenames.
Apply Least Privilege
Ensure the server cannot access sensitive system files.
Conclusion
Directory Traversal highlights the risks of improper input handling. Even a small validation mistake can expose critical data.
Understanding this vulnerability is essential for anyone learning penetration testing or web security.
Final Note
This content is for educational purposes only. Always perform testing in authorized environments.
Comments
Post a Comment