Path Traversal/Directory Traversal


What is Path Traversal/Directory Traversal?

Path traversal (also known as directory traversal) is an attack that uses an affected application to gain unauthorized access to server file system folders that are higher in the hierarchy than the web root folder. A successful path traversal attack can fool a web application into reading and consequently exposing the contents of files outside of the document root directory of the application or the web server, including credentials for back-end systems, application code and data, and sensitive operating system files.

Path traversal vulnerabilities can exist in applications built on a variety of languages and platforms, including Python, PHP, Apache, ColdFusion, and Perl. They can be located in web server software or in application code executed on a server. Although the attacker does not technically gain root access, path or directory traversal can still expose critical data such as passwords, log files, intellectual property, and other sensitive data, all of which can lead to further attacks and compromise.
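The behaviour described above, as an added example that is not code from the original page: a file reader that joins a request value to the document root unchecked, beside a version that canonicalises the path and rejects anything outside the root. The function names, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile


def read_unsafe(web_root, requested):
    # Vulnerable pattern: the request value is joined to the root unchecked.
    with open(os.path.join(web_root, requested), "rb") as fh:
        return fh.read()


def resolve_inside(web_root, requested):
    """Return the canonical path for `requested`, or raise if it leaves web_root."""
    root = os.path.realpath(web_root)
    # realpath collapses ".." segments and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"outside document root: {requested!r}")
    return target


def read_safe(web_root, requested):
    with open(resolve_inside(web_root, requested), "rb") as fh:
        return fh.read()


def demo():
    """Build a constructed directory tree and compare both readers."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "www")
        os.mkdir(web_root)
        with open(os.path.join(web_root, "index.html"), "wb") as fh:
            fh.write(b"<h1>public</h1>")
        secret = os.path.join(base, "backend.conf")  # sits above the web root
        with open(secret, "wb") as fh:
            fh.write(b"db_password=constructed-sample")
        results = {"unsafe": read_unsafe(web_root, "../backend.conf")}
        results["safe_ok"] = read_safe(web_root, "index.html")
        results["blocked"] = 0
        # Relative climb, absolute path, and a climb hidden behind a subfolder.
        for name in ("../backend.conf", secret, "img/../../backend.conf"):
            try:
                read_safe(web_root, name)
            except PermissionError:
                results["blocked"] += 1
        return results


if __name__ == "__main__":
    print(demo())
```

The containment check runs on the canonical path rather than on the raw string, so it does not depend on spotting particular character sequences in the request.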
