1
Q
What’s directory traversal?
A
web application vulnerability that allows an attacker to access files and directories outside the intended scope of a web application
2
Q
What are the other names for directory traversal?
A
Path Traversal or Directory Climbing
3
Q
When can attacker exploit directory traversal vulnerability?
A
- when the application does not properly validate or sanitize user-supplied input that includes file or directory paths
- the input is often provided through parameters in URLs or form inputs
4
Q
What’s the attacker’s goal in directory traversal attack?
A
to traverse up the directory structure and access files or directories outside the intended scope of the application
Web Application Security
flashcards
Decks in class (17)
# Cards
-
HTTP Security Headers7
-
Injection Vulnerabilities4
-
SQL Injection12
-
Command Injection4
-
Cross-Site Scripting (XSS)12
-
Cross-Site Request Forgery (CSRF)6
-
Server-Side Request Forgery (SSRF)5
-
Clickjacking5
-
Session Hijacking7
-
Insecure Direct Object References (IDOR)4
-
Directory Traversal4
-
Split-Response4
-
OWASP8
-
Cloud Native Applications1
-
Wordpress11
-
Cookies0
-
Webshell0
