abstract: A directory traversal (or path traversal) attack exploits insufficient validation or sanitization of user-supplied file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.
Directory traversal is another injection-style attack, wherein a malicious user tricks filesystem code into reading and/or writing files that the Web server shouldn't have access to.
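The flaw described above next to a containment check that addresses it, as an added example that is not part of the original page. The function names, the `webroot` layout and the request strings are constructed for illustration.

```python
import os
import tempfile

def resolve_unsafe(base_dir, user_name):
    # Vulnerable: "../" segments (or an absolute path) in user_name pass
    # straight through to the file APIs, so the result can leave base_dir.
    return os.path.join(base_dir, user_name)

def resolve_safe(base_dir, user_name):
    # Canonicalize (collapses "..", follows symlinks), then require the
    # result to remain under the canonical base directory.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"path escapes base directory: {user_name!r}")
    return target

def demo():
    """Return {request: (unsafe_left_root, safe_verdict)} for constructed inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")  # constructed web root
        os.mkdir(root)
        secret = os.path.join(tmp, "secret.txt")  # file outside the root
        for path, body in ((os.path.join(root, "index.html"), "public"),
                           (secret, "private")):
            with open(path, "w") as fh:
                fh.write(body)
        real_root = os.path.realpath(root)
        for name in ("index.html", "../secret.txt", "a/../../secret.txt"):
            unsafe = os.path.realpath(resolve_unsafe(root, name))
            left_root = os.path.commonpath([real_root, unsafe]) != real_root
            try:
                resolve_safe(root, name)
                verdict = "allowed"
            except PermissionError:
                verdict = "blocked"
            results[name] = (left_root, verdict)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The check compares canonical paths rather than filtering for `../` in the input string, so it also covers absolute paths and symlinks that point outside the base directory.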