Categories
Web Application Security

Introduction to Directory Traversal

Directory Traversal, or path traversal, is a vulnerability in web applications that can allow an attacker to access files which they should not be able to. Such as files outside of the application web root.

Categories
Cheat Sheets Web Application Security

Path Traversal Cheat Sheet: Windows

Got a path/directory traversal or file disclosure vulnerability on a Windows-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know! Are you on a Linux server? Try this one instead: Path Traversal Cheat Sheet: Linux

Categories
Cheat Sheets Web Application Security

Path Traversal Cheat Sheet: Linux

Got a path/directory traversal or file disclosure vulnerability on a Linux-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know!

The list included below contains absolute file paths, remember if you have a traversal attack you can prefix these with encoding traversal strings, like these: