Back to course

Directory Traversal and File Inclusion Vulnerabilities

Cyber Security Mastery: From Zero to Hero

Accessing Forbidden Files

These two related flaws allow attackers to read or execute files outside the web server's intended public directory.

1. Directory Traversal (Path Traversal)

  • Vulnerability: Occurs when a web application accepts user input (e.g., a filename) and uses it directly in a file path without sanitization.
  • Payload: Using ../ (dot-dot-slash) sequences to move up directories.

Example Attack: Attacker requests http://target.com/show_file.php?file=../../../../etc/passwd.

  • Impact: Reading sensitive system files (like /etc/passwd or web.config).

2. Local File Inclusion (LFI)

  • Vulnerability: Similar to traversal, but the application attempts to include the file in the running script, rather than just display it.

  • Impact: If the file is a configuration file, it is displayed. If the file is executable (e.g., a PHP script planted via a vulnerability), it is executed on the server, leading to RCE.