🔓 Comprehensive Guide: File Path Traversal Vulnerabilities

🧠 Introduction

Path traversal (also known as directory traversal) is a critical web vulnerability that allows attackers to manipulate input paths to access files and directories outside the application's intended scope. Successful exploitation can lead to leakage of sensitive files, such as configuration files, user data, source code, and OS-level files like /etc/passwd.

This guide explains various forms of path traversal, real-world exploitation techniques, and robust prevention methods. It also includes a practical step-by-step methodology for hunters during security assessments.


🔍 Scenario 1: Basic Path Traversal

Vulnerability:

An application loads resources from a fixed directory (e.g., /var/www/images/) based on a user-supplied parameter like filename. When no validation or restriction is applied, attackers can include sequences such as ../ to traverse outside the directory.

Exploit:

GET /image?filename=../../../etc/passwd

Mitigation:


🔍 Scenario 2: Encoded Traversal Sequences

Vulnerability:

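Some applications strip ../ patterns from user input without decoding it first. The filter then sees only the encoded form, which contains no literal ../, and a later decoding step restores the traversal sequence. This allows attackers to bypass filters using URL encoding or double encoding.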

Exploit:

GET /image?filename=%252e%252e%252fetc%252fpasswd
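
The weak filter from Scenario 2 next to a hardened resolver that also covers Scenario 1, as an added example that is not part of the original guide. All function names are hypothetical, and a temporary directory stands in for /var/www/images/. The resolver decodes to a fixed point, canonicalizes, and only then checks containment.

```python
import os
from urllib.parse import unquote

def naive_filter(raw: str) -> str:
    # Weak pattern from Scenario 2: strips "../" while the input is still encoded.
    return raw.replace("../", "")

def fully_decode(raw: str, max_rounds: int = 5) -> str:
    # Decode until the value stops changing, so validation sees the final form.
    value = raw
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def resolve_safe(base_dir: str, raw: str) -> str:
    # Return the canonical path for `raw` inside base_dir, or raise ValueError.
    name = fully_decode(raw)
    if "\x00" in name:
        raise ValueError("NUL byte in filename")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks; join() lets an absolute
    # name replace base entirely, which the containment check below rejects.
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target

def is_allowed(base_dir: str, raw: str) -> bool:
    try:
        resolve_safe(base_dir, raw)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    import tempfile
    # Constructed inputs: one benign name plus the two requests shown above.
    samples = ["logo.png", "../../../etc/passwd", "%252e%252e%252fetc%252fpasswd"]
    with tempfile.TemporaryDirectory() as base:  # stands in for /var/www/images/
        for s in samples:
            print(f"{s!r}: naive_filter={naive_filter(s)!r} allowed={is_allowed(base, s)}")
```

Open the path returned by resolve_safe rather than the original string, so the file that is checked and the file that is read are the same.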