如果您的程序需要遍历文件系统(递归地遍历子目录)，那么要提防攻击者可能会利用您正在遍历的目录结构。

If your program walks the file system, recursively iterating through subdirectories, be careful if an attacker could ever manipulate the directory structure you're walking.

youdao

目录遍历是另一种注入类型的攻击，攻击者欺骗文件系统读或写服务器不允许操作的文件。

Directory traversal is another injection-style attack, wherein a malicious user tricks filesystem code into reading and/or writing files that the Web server shouldn't have access to.

youdao

目录遍历是另一种注入类型的攻击，攻击者欺骗文件系统读或写服务器不允许操作的文件。

Directory traversal is another injection-style attack, wherein a malicious user tricks filesystem code into reading and/or writing files that the Web server shouldn't have access to.

youdao