Directory Traversal Bootcamp

Master path traversal vulnerabilities and their exploitation techniques

Low Difficulty: Beginner
Medium Difficulty: Intermediate
High Difficulty: Advanced

About Directory Traversal Vulnerabilities

Directory Traversal (also known as Path Traversal) vulnerabilities occur when an application uses user-supplied input to construct file paths without proper validation, allowing attackers to access files outside the intended directory.

Common Directory Traversal Sources

File Parameters: file, path, page, include
Media Parameters: image, photo, document, attachment
Directory Parameters: dir, folder, directory
Template Parameters: template, view, layout
Download Parameters: download, get, fetch

Common Traversal Sequences

Basic Traversal: ../../../etc/passwd, ..\..\..\windows\system32\drivers\etc\hosts
URL Encoding: %2e%2e%2f, %252e%252e%252f
Unicode Encoding: %c0%ae%c0%ae%c0%af
Null Byte: ../../../etc/passwd%00
Double Encoding: %252e%252e%252f

Real-World Impact

Access to sensitive system files (passwd, hosts, etc.)
Exposure of configuration files and credentials
Access to application source code and databases
Bypassing access controls and authentication
Information disclosure and data exfiltration
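
Server-side validation that rejects each of the traversal sequences listed above, shown as an added example (not part of the original page). The base directory, the function name resolve_safe and the max_passes limit are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/var/www/files"  # assumed upload root, not from the page

# The traversal sequences listed on this page, used as test input.
PAGE_SEQUENCES = [
    "../../../etc/passwd",
    r"..\..\..\windows\system32\drivers\etc\hosts",
    "%2e%2e%2f",
    "%252e%252e%252f",
    "%c0%ae%c0%ae%c0%af",
    "../../../etc/passwd%00",
]

def resolve_safe(user_value, base_dir=BASE_DIR, max_passes=4):
    """Return the canonical path inside base_dir, or None if rejected."""
    decoded = user_value
    for _ in range(max_passes):
        try:
            # errors="strict" refuses invalid UTF-8 such as the overlong
            # form %c0%ae instead of silently substituting a character.
            step = unquote(decoded, errors="strict")
        except UnicodeDecodeError:
            return None
        if step == decoded:
            break  # fully decoded: no encoding layer is left to hide "../"
        decoded = step
    else:
        return None  # still changing after max_passes: refuse the request
    if "\x00" in decoded:
        return None  # null byte could truncate the path in a lower layer
    # Treat Windows separators as separators on every platform.
    decoded = decoded.replace("\\", "/")
    root = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison;
    # an absolute user value replaces root in join() and is caught below.
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None  # resolved outside the intended directory
    return candidate

if __name__ == "__main__":
    for seq in PAGE_SEQUENCES + ["reports/q1.pdf"]:
        print(repr(seq), "->", resolve_safe(seq))
```

The containment check runs on the fully decoded, canonical path, so the decision is made on the same string the filesystem will see rather than on the raw parameter.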