Directory Traversal Attack
A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.
The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.
Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.
Read more about Directory Traversal Attack: Example, Possible Methods To Prevent Directory Traversal
Famous quotes containing the words directory and/or attack:
“An actor who knows his business ought to be able to make the London telephone directory sound enthralling.”
—Donald Sinden (b. 1923)
“... possibly there is no needful occupation which is wholly unbeautiful. The beauty of work depends upon the way we meet it—whether we arm ourselves each morning to attack it as an enemy that must be vanquished before night comes, or whether we open our eyes with the sunrise to welcome it as an approaching friend who will keep us delightful company all day, and who will make us feel, at evening, that the day was well worth its fatigues.”
—Lucy Larcom (1824–1893)