Path Traversal
Path Traversal is a vulnerability that allows attackers to access files and directories outside the intended directory by manipulating file path references with sequences like ../ in application input.
Path Traversal, also known as directory traversal or dot-dot-slash attacks, is a vulnerability that allows an attacker to read or write files outside the web application’s intended directory. By injecting relative path sequences such as ../ into file-referencing parameters, an attacker can navigate the server’s filesystem to access sensitive files like /etc/passwd, application configuration files containing database credentials, or even source code. Path traversal can affect any functionality that handles file paths based on user input, including file download endpoints, image serving, template loading, and log viewing features.
Why It Matters
Path traversal vulnerabilities can expose the most sensitive assets on a server. Configuration files often contain database credentials, API keys, and encryption secrets. On Linux systems, reading /etc/shadow can provide password hashes for offline cracking. In containerized environments, reading /proc/self/environ can leak environment variables containing cloud credentials and service tokens. Path traversal can also be chained with other vulnerabilities; for example, where the flaw sits in a file-write path, traversing to upload a web shell into the web root escalates it to remote code execution.
A common scenario involves a document download feature at /download?file=report.pdf. An attacker changes the parameter to file=../../../../etc/passwd, and if the server does not validate the resolved path, it returns the system’s password file. More sophisticated attacks use URL encoding (%2e%2e%2f), double encoding, or null byte injection to bypass basic filters.
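The resolved-path check missing from the download scenario above, shown beside a basic filter that URL encoding gets past. This is an added example, not Revaizor's code or part of the original page; the function names, the docs/ base directory and secret.txt are assumptions, and the file tree is constructed in a temporary directory.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(base_dir, raw_param):
    """'Before' form: filters the raw value for ../, then decodes and joins."""
    if "../" in raw_param:                      # basic filter on the undecoded text
        return None
    return os.path.join(base_dir, unquote(raw_param))

def safe_resolve(base_dir, raw_param):
    """Decode once, resolve the path, and accept it only if it stays in base_dir."""
    name = unquote(raw_param)
    if "\x00" in name:                          # null byte: reject outright
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))  # collapses ../ and symlinks
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:                          # e.g. different drives on Windows
        inside = False
    return candidate if inside else None

def demo():
    """Build a constructed directory tree and compare both resolvers."""
    root = os.path.realpath(tempfile.mkdtemp())
    docs = os.path.join(root, "docs")           # hypothetical download directory
    os.mkdir(docs)
    for path in (os.path.join(docs, "report.pdf"), os.path.join(root, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    results = {}
    for raw in ("report.pdf", "../secret.txt", "%2e%2e%2fsecret.txt", "report.pdf%00.png"):
        naive = naive_resolve(docs, raw)
        # normpath only: no filesystem call, so a null byte cannot raise here
        escaped = naive is not None and not os.path.normpath(naive).startswith(docs + os.sep)
        results[raw] = {"naive_escapes": escaped, "safe": safe_resolve(docs, raw)}
    return docs, results

if __name__ == "__main__":
    for raw, outcome in demo()[1].items():
        print(raw, outcome)
```

The containment test runs on the resolved path rather than on the input string, so it does not depend on recognising any particular encoding of the traversal sequence.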
How Revaizor Handles This
Revaizor’s AI pentesting agents test file-handling endpoints with an extensive library of path traversal payloads across operating systems, including Windows backslash variants, URL-encoded sequences, Unicode normalization bypasses, and null byte truncation. The platform correlates results across endpoints to build a comprehensive map of accessible files, demonstrating the full blast radius of a traversal flaw rather than reporting individual instances in isolation. This approach gives security teams a clear picture of exposure and helps prioritize remediation effectively.
Related Terms
Remote Code Execution (RCE)
Remote Code Execution is a critical vulnerability class that allows an attacker to execute arbitrary code on a target system remotely, often leading to complete system compromise and lateral movement.
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery is a vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain or internal resource of the attacker's choosing.
SQL Injection
SQL Injection is a code injection technique that exploits vulnerabilities in an application's database layer by inserting malicious SQL statements into input fields or query parameters.