mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
18 lines
743 B
Markdown
18 lines
743 B
Markdown
# Path Traversal
|
|
|
|
## Description
|
|
Path traversal (also known as directory traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files.
|
|
|
|
## Common Attack Vectors
|
|
- File download functionality
|
|
- File upload functionality
|
|
- Template inclusion
|
|
- Image/document display features
|
|
- Static resource serving
|
|
|
|
## Testing Approach
|
|
Submit path traversal sequences (../, ..\.., etc.) in file parameters to attempt to access files outside the intended directory.
|
|
|
|
## Payloads
|
|
See `path-traversal-payloads.txt` for a comprehensive list of path traversal payloads.
|