/vulndb/Directory Traversal

A Directory Traversal is a type of attack which aims to access files or directories that are stored outside the web root folder by injecting characters representing “traverse to parent directory” like ‘../’ in Unix. The goal of this attack is to force an application to access a file that is not intended to be accessible.

This technique may be used to retrieve, read and sometimes even execute server side files.

Solution

It is recommended to filter-out character sequences interpreted by the operating system as directory traversal commands, (for example: ‘../’ in Unix).

References

http://en.wikipedia.org/wiki/Directory_traversal