Skip to content

Path Traversal/Directory Traversal


Path traversal (also known as directory traversal) is an attack that uses an affected application to gain unauthorized access to server file system folders that are higher in the hierarchy than the web root folder. A successful path traversal attack can fool a web application into reading and consequently exposing the contents of files outside of the document root directory of the application or the web server, including credentials for back-end systems, application code and data, and sensitive operating system files.

Path traversal vulnerabilities can exist in a variety of programming languages, including Python, PHP, Apache, ColdFusion, and Perl. They can also be located in web server software or in application code executed on a server. While not technically gaining root access, an attacker can still use path or directory traversal to gain access to critical data such as passwords, log files, intellectual property, and other sensitive data – all of which can lead to further attacks and compromise.

Back to Listing