Directory Traversal Attacks
What is Directory Traversal?
Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files. Attackers can exploit this vulnerability by manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths.
Directory Traversal Attack Examples
Here are some examples of directory traversal attacks:
- Basic exploitation: An attacker might use a simple payload like "../etc/passwd" to try to retrieve the password file from a Unix system.
- Overcoming simple filters: If the application is blocking "../", an attacker might use URL-encoded equivalents like "..%2F" or "..%c0%af".
- Using absolute file paths: If the application is blocking the use of "../", an attacker might use absolute file paths like "/etc/passwd".
Preventing Directory Traversal Attacks
Preventing directory traversal attacks involves proper input validation and sanitization. This includes:
- Input validation: Validate user input by only accepting expected values.
- Use allow lists: Only allow known good input to pass through.
- Sanitize input: Remove or replace special characters from user input.
- Use chroot jails: Limit the user's environment to a specific directory tree.