Path Traversal/Directory Traversal Attack

WHAT IS PATH TRAVERSAL OR DIRECTORY TRAVERSAL?

Path traversal (also known as directory traversal) is an attack that uses an affected application to gain unauthorized access to server file system folders that are higher in the directory hierarchy than the web root folder. A successful path traversal attack can fool a web application into reading and consequently exposing the contents of files outside of the document root directory of the application or the web server, including credentials for back-end systems, application code and data, and sensitive operating system files.

Path traversal vulnerabilities can exist in a variety of programming languages, including Python, PHP, Apache, ColdFusion, and Perl. They can also be located in web server software or in application code executed on a server. While not technically gaining root access, an attacker can still use path or directory traversal to gain access to critical data such as passwords, log files, intellectual property, and other sensitive data – all of which can lead to further attacks and compromise.

Back to Listing

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Contrast Incident Response Hub

Path Traversal/Directory Traversal Attack

WHAT IS PATH TRAVERSAL OR DIRECTORY TRAVERSAL?