Directory Traversal Attack

A directory traversal (or path traversal) attack exploits insufficient security validation or sanitization of user-supplied file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

The goal of this attack is to make an application access a computer file that is not intended to be accessible. The attack exploits a lack of security (the software is acting exactly as it is supposed to) rather than a bug in the code.

Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.
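
The validation whose absence is described above, as an added example that is not part of the original page: the user-supplied name is canonicalized and then required to stay under a base directory. The function names, the `public` directory and the sample names are constructed for illustration, and a POSIX file system is assumed.

```python
import os
import tempfile


def naive_path(base_dir, user_name):
    """Weak form: the name reaches the file API path unvalidated."""
    return os.path.join(base_dir, user_name)


def safe_path(base_dir, user_name):
    """Canonicalize, then require the result to stay inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." components and resolves symbolic links.
    candidate = os.path.realpath(os.path.join(base, user_name))
    # commonpath compares whole components, so a sibling such as
    # "public_backup" is not mistaken for a child of "public"
    # (a plain string-prefix test would accept it).
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % user_name)
    return candidate


def classify(base_dir, names):
    """Map each requested name to 'allowed' or 'rejected'."""
    verdicts = {}
    for name in names:
        try:
            safe_path(base_dir, name)
            verdicts[name] = "allowed"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


def demo():
    # Constructed sample requests, checked against a throwaway directory.
    names = ["img/logo.png", "img/../index.html", "../secret.txt",
             "img/../../secret.txt", "../public_backup/db.sql", "/etc/passwd"]
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.makedirs(os.path.join(base, "img"))
        return classify(base, names)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-26s %s" % (name, verdict))
```

`img/../index.html` is allowed because it still resolves inside the base directory; the decision is made on the canonical path, not on the presence of `..` in the input.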
