handbook/tools/3.Web-Hacking/4.Injection/Directory-Traversal/Notes/1.What-is-Directory-Transversal.md


## Overview

![[Screenshot from 2022-12-02 11-06-41.png]]

- Allows an attacker to read files on the server that is running the application
	- Code
	- Data
	- Credentials
	- Sensitive OS files
	- Might even be able to write to files on the server

Example Exploit:
- Shopping application that loads images via HTML:
```
<imgsrc="/loadImage?filename=218.png">
```
- Attacker could request the following:
```
https://insecure-website.com/loadImage?filename=../../../etc/passwd
```
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Overview`

			`![[Screenshot from 2022-12-02 11-06-41.png]]`

			`- Allows an attacker to read files on the server that is running the application`
			`- Code`
			`- Data`
			`- Credentials`
			`- Sensitive OS files`
			`- Might even be able to write to files on the server`

			`Example Exploit:`
			`- Shopping application that loads images via HTML:`
			```
			`<imgsrc="/loadImage?filename=218.png">`
			```
			`- Attacker could request the following:`
			```
			`https://insecure-website.com/loadImage?filename=../../../etc/passwd`
			```