HansITAcademy

Directory traversal attack, also known as path traversal attack, allows attackers to access arbitrary files on server that is running applications. For example, an HTTP attack that allows attackers to access restricted directories that is outside of web server’s root directory as directory traversal attack. Attackers can use special characters like dot dot slash combinations to access files stored elsewhere and this type of vulnerability is often found in embedded web software like device management or remote administration interfaces. To prevent this type of attack, it’s good to create whietelist of safe files, use URL mappings to identify files with no risk, and avoid passing any filenames in the user input.