What Is Directory Traversal In Cyber Security?
Directory traversal:
Directory traversal is also known as path traversal. It is a web security vulnerability that allows attackers to read arbitrary files on the server. These files can include application code and data, sensitive operating system files, and credentials for a backup system. In addition to reading files, attackers might be able to write to arbitrary files, modify application data or behavior, and finally take full control of the server.
Directory traversal is an HTTP attack that gives attackers access to restricted files and lets them take full command of the server from outside the web server. Web servers provide two major security mechanisms.
Access Control Lists (ACLs):
This list is used in the authorization process. Web server administrators use it to indicate which users or groups are allowed to access and modify particular files.
Root Directory:
The root directory is a specific directory on the server file system to which users are confined. They cannot access anything beyond this root directory.
If the website is vulnerable:
If the website is not protected against directory traversal, attackers can reach outside the root directory and access other parts of the file system. They reach restricted files to gain more information that can be used to further compromise the system. Depending on how website access is set up, the attackers issue commands while impersonating the user associated with the website.
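The root-directory confinement described above can be enforced in application code by resolving every requested path and rejecting any result that lands outside the root. The following is an added example, not code from the original page; the root `/srv/www/site`, the function names and the sample request paths are all constructed for illustration.

```python
import os

WEB_ROOT = "/srv/www/site"  # constructed example root, not from the page

def resolve_naive(root, requested):
    """Weak pattern: joins user input onto the root with no containment check."""
    return os.path.normpath(os.path.join(root, requested))

def resolve_confined(root, requested):
    """Return the resolved path only if it stays inside root, else None."""
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    try:
        # commonpath compares whole path components, so a sibling directory
        # that merely shares the root's name prefix is not treated as inside.
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None

def check_samples(root=WEB_ROOT):
    """Run constructed request paths through both resolvers."""
    samples = [
        "img/logo.png",           # ordinary request
        "../../../etc/passwd",    # climbs above the root
        "/etc/passwd",            # absolute path replaces the root in join()
        "../site-backup/db.sql",  # sibling dir sharing the root's name prefix
    ]
    return {s: (resolve_naive(root, s), resolve_confined(root, s)) for s in samples}

if __name__ == "__main__":
    for req, (naive, confined) in check_samples().items():
        print(f"{req!r:26} naive={naive!r} confined={confined!r}")
```

The confined resolver complements, and does not replace, the ACLs and the web server's own root setting: the process should still run as a user whose file permissions limit what a missed check could expose.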