Directory Traversal
Virtually every web application attack works on a premise of “tricking” the web application into performing an action that the attacker is unable to directly perform himself. An attacker can’t normally directly access an application’s database, but he can trick the web application into doing it for him through SQL injection attacks. He can’t normally access other users’ accounts, but he can trick the web application into doing it for him through cross-site scripting attacks. And he can’t normally access the file system on a web application server, but he can trick the application into doing it for him through directory traversal attacks. To show an example of directory traversal, let’s return one more time to Dave’s photo ...
Get Web Application Security, A Beginner's Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.