
Directory traversal attack

Last Updated: May 07, 2018

Description

Directory traversal is an HTTP exploit that allows attackers to access restricted directories and run commands outside of the web server’s root directory.

This vulnerability can be exploited when an application fails to validate the file paths it receives, and it may cause any file or source code on the server to be leaked.

Fix

  • Closely inspect file path parameters and strictly limit them to a specified range. Do not allow users to control file-path-related parameters, and limit the scope of file paths.

  • Use open-source vulnerability fixing plug-ins.
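
The first fix above, as an added example that is not part of the original page: a path check that resolves the requested path and accepts it only when it stays under the web root, shown beside the unchecked join. The function names, the temporary web root layout and the sample requests are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def unsafe_resolve(root, requested):
    # Unchecked form: the request parameter is joined as-is, so "../"
    # segments or an absolute path point outside root.
    return Path(os.path.join(root, requested))


def safe_resolve(root, requested):
    """Return the real path of `requested` under `root`, or None if it escapes."""
    if "\x00" in requested:  # NUL bytes are never valid in a file path
        return None
    root_real = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment
    # check is made on the path the OS would actually open.
    candidate = (root_real / requested).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        return None
    return candidate


def demo():
    """Run constructed sample requests against a temporary web root."""
    with tempfile.TemporaryDirectory() as base:
        root = Path(base) / "webroot"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "index.html").write_text("hello")
        secret = Path(base) / "secret.txt"  # lives outside the web root
        secret.write_text("not for clients")
        samples = {
            "normal": "docs/index.html",
            "dotdot_inside": "docs/../docs/index.html",
            "dotdot_escape": "../secret.txt",
            "prefixed_escape": "docs/../../secret.txt",
            "absolute": str(secret),
        }
        allowed = {k: safe_resolve(root, v) is not None for k, v in samples.items()}
        # The unchecked join resolves to the file outside the root.
        leaked = unsafe_resolve(root, "../secret.txt").resolve() == secret.resolve()
    return allowed, leaked


if __name__ == "__main__":
    print(demo())
```

Comparing the resolved path against the resolved root, rather than searching the raw string for "../", is what keeps a path with a valid-looking prefix from passing the check.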
