Relative Path Traversal

This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".

More detailed information can be found on Path_Traversal

Examples
The following URLs are vulnerable to this attack:

http://some_site.com.br/get-files.jsp?file=report.pdf http://some_site.com.br/get-page.php?home=aaa.html http://some_site.com.br/some-page.asp?page=index.html

A simple way to execute this attack is like this:

http://some_site.com.br/get-files?file=../../../../some dir/some file http://some_site.com.br/../../../../etc/shadow http://some_site.com.br/get-files?file=../../../../etc/passwd

Related Threats
Category: Information Disclosure

Related Attacks

 * Path Manipulation
 * Path Traversal
 * Resource Injection

Related Vulnerabilities
Category:Input Validation Vulnerability

Related Countermeasures
Category:Input Validation