You are currently viewing Exploring Directory traversal vulnerability

Exploring Directory traversal vulnerability

Introduction to Directory Traversal Vulnerabilities

Hello, guys! How are you all doing? Today, we are starting a series on Directory Traversal vulnerabilities, and in this series, we will write a total of 6 articles. I will provide links to the other articles in this series along with this one, which is our 1st article on Directory Traversal vulnerability (Exploring Directory Traversal Vulnerability). First, let’s learn about what this vulnerability is and its impact.

Directory Traversal vulnerability is a vulnerability found in websites that allows an attacker to read server files by exploiting it. These files can include application source code or sensitive system files. If the impact of Directory Traversal vulnerability is high, an attacker can even execute arbitrary commands on the server and compromise the entire system.

Labs that we will cover in this series

File path traversal, simple case
File path traversal, traversal sequences blocked with absolute path bypass
File path traversal, traversal sequences stripped non-recursively
File path traversal, traversal sequences stripped with superfluous URL-decode
File path traversal, validation of start of path
File path traversal, validation of file extension with null byte bypass

File path traversal, simple case

Lab Description

Exploring Directory traversal vulnerability

First, we will solve the 1st lab on File path traversal, which is a simple case and can be easily solved. This lab contains a file path traversal vulnerability that can be found in the product images. To solve this lab, you need to retrieve the /etc/passwd file.

Lab Solution

Exploring Directory traversal vulnerability

First, access the lab. After accessing it, enable your Burp Suite proxy. Add the lab’s URL to the target tab so that we can easily filter the traffic.

Exploring Directory traversal vulnerability

Now, click on the view details of any product. You will start seeing the traffic in your Burp’s HTTP history.

File path traversal simple case

Filter the traffic by selecting “Show only in scope items” and mark the “image” option on the right side. This will show us the image URLs where the vulnerability exists.

File path traversal simple case

You can see that we found an image with a .jpg extension. We will send this request to the repeater for further testing.

File path traversal simple case

You can see that I modified the filename to filename=../../../etc/passwd. This payload will go three directories back and fetch the /etc/passwd file to show us.

File path traversal simple case

With this, we have successfully solved the PortSwigger Web Security Lab’s File path traversal simple case.

You can learn everything related to web security on our website. We upload the latest articles on web security topics on a daily basis, so stay with us.

The next topic to continue this series is OS Command Injection, You must have to complete the Directory traversal topic before starting the next topic in this series. Good Luck!

also read about Cross-site WebSocket hijacking


What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.

Leave a Reply