Directory Traversal

Directory Traversal is synonymous with Path Traversal - a vulnerability that allows attackers to navigate outside the web root or intended directory structure to access arbitrary files on the server using path manipulation sequences.

How It Works

By injecting directory navigation sequences (../ or ..\) into file path parameters, attackers can climb out of restricted directories and access sensitive files anywhere on the filesystem that the application has permission to read.

Attack Vectors

# File download endpoints
GET /download?file=../../../../etc/passwd

# Image/document viewers
GET /view?doc=../../../config/database.yml

# Template inclusion
GET /page?template=../../../app/secrets.yml

# Log file viewers
GET /logs?file=../../var/log/auth.log

Detection Patterns

  • Multiple consecutive ../ sequences
  • Encoded variations: %2e%2e/, %2e%2e%5c
  • Attempts to access known system files
  • Null bytes in file paths (legacy systems)
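The patterns above can be turned into a simple log scanner. The following is an added example written for this page (not code from the original); the access-log lines, the sensitive-file list and the threshold choices are constructed for the demonstration. It percent-decodes each query value until the value stops changing (so double encoding is unwrapped), folds backslashes to forward slashes, and then counts "../" hops, null bytes and references to known sensitive files.

```python
"""Flag directory-traversal attempts in web access-log lines (added example)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample of file names worth flagging; extend for your environment.
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "database.yml", "auth.log")

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded, so %252e%252e is
    unwrapped) and fold backslashes so Windows-style ..\\ reads like ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(target: str) -> list:
    """Return the traversal indicators found in one request target."""
    parts = urlsplit(target)
    # Inspect the URL path and every query value; parse_qsl removes one encoding layer.
    candidates = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    findings = []
    for cand in candidates:
        decoded = normalize(cand)
        hops = decoded.split("/").count("..")   # number of parent-directory steps
        if hops:
            findings.append(f"dotdot x{hops}")
        if "\x00" in decoded:
            findings.append("null byte")
        for name in SENSITIVE_FILES:
            if name in decoded:
                findings.append(f"sensitive file {name}")
    return findings


def scan_log(lines) -> list:
    """Return (client, status, target, findings) for every flagged request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify(m["target"])
        if findings:
            alerts.append((m["client"], m["status"], m["target"], findings))
    return alerts


# Constructed log lines covering plain, encoded, double-encoded and null-byte variants.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 200 1832',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /view?doc=%2e%2e%2f%2e%2e%2fconfig%2fdatabase.yml HTTP/1.1" 404 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /download?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 400 0',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /download?file=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /logs?file=..%5c..%5cvar%5clog%5cauth.log%00.txt HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for client, status, target, findings in scan_log(SAMPLE_LOG):
        print(f"{client} {status} {target}\n    {', '.join(findings)}")
```

A flagged request that returned 200 (as the first and last sample lines do) deserves attention before one that returned 400 or 404, since the server may actually have served the file; the status code is kept in each alert for that reason.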

Prevention

  • Validate and sanitize all file path input
  • Use allowlists for permitted files
  • Resolve paths to their canonical form and verify the result still lies within the intended directory
  • Run application with minimal filesystem permissions
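The following added example (written for this page, not taken from the original) puts the path-resolution and allowlist advice next to the vulnerable pattern it replaces. The directory layout, file names and the permitted-extension policy are constructed for the demonstration. The hardened lookup rejects null bytes up front, canonicalizes the joined path with resolve() (which collapses ".." and follows symlinks, so a link planted inside the served directory that points elsewhere is also caught), and only then checks that the result is still beneath the canonical base directory and has an allowlisted extension.

```python
"""Vulnerable versus hardened file lookup for a download endpoint (added example)."""
import tempfile
from pathlib import Path

# Constructed policy: extensions the endpoint is permitted to serve.
ALLOWED_SUFFIXES = frozenset({".txt", ".pdf"})


def unsafe_lookup(base_dir: str, user_path: str) -> Path:
    """Vulnerable pattern: user input is joined onto the base directory with no
    check. '../' climbs out, and because pathlib lets an absolute right-hand
    operand replace the base entirely, '/etc/passwd' would be returned as-is."""
    return Path(base_dir) / user_path


def safe_lookup(base_dir: str, user_path: str) -> Path:
    """Hardened pattern: reject null bytes, canonicalize, confirm containment,
    then apply the extension allowlist."""
    if "\x00" in user_path:
        raise ValueError("null byte in path")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()   # collapses '..' and follows symlinks
    if base not in candidate.parents:          # must be strictly inside base
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise PermissionError(f"file type not permitted: {candidate.suffix!r}")
    return candidate


def build_sandbox() -> tuple:
    """Create a constructed layout in a temp dir: <root>/public/readme.txt is
    meant to be served, <root>/secret.txt is not. Returns (public_dir, secret_path)."""
    root = Path(tempfile.mkdtemp())
    public = root / "public"
    public.mkdir()
    (public / "readme.txt").write_text("hello\n")
    (root / "secret.txt").write_text("db password\n")
    return str(public), str(root / "secret.txt")


def rejected(base_dir: str, user_path: str) -> bool:
    """True when safe_lookup refuses the request."""
    try:
        safe_lookup(base_dir, user_path)
        return False
    except (PermissionError, ValueError):
        return True


if __name__ == "__main__":
    public, secret = build_sandbox()
    # The vulnerable lookup happily reads the file one level above the served directory.
    print("unsafe:", unsafe_lookup(public, "../secret.txt").read_text().strip())
    for probe in ("readme.txt", "../secret.txt", secret, "readme.txt\x00.png", "readme.exe"):
        print(f"{probe!r:40} rejected={rejected(public, probe)}")
```

The containment test is `base not in candidate.parents` rather than a string-prefix comparison, because a prefix check would accept a sibling directory such as "public-old" when the base is "public". Running the process with read access limited to the served directory (the last prevention item) is a second, independent layer in case this check is ever bypassed or forgotten on a new endpoint.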

See Also