Saturday 04 July 2026 18:28:53 GMT+02:00

Netcrook


WIKICROOK

Directory traversal

A flaw that lets an attacker manipulate file paths to reach locations outside the intended folder.

Directory traversal is a flaw that lets an attacker manipulate file paths so a program reads from or writes to locations outside the intended folder. It usually happens when software trusts user-controlled path input, such as names containing ../ sequences, absolute paths, or malformed archive entries, instead of normalizing and validating it first.

This matters because it can expose sensitive files, overwrite configuration or startup files, or place malware where it will be executed later. In real attacks, directory traversal often appears in web applications, file upload handlers, and archive extractors that fail to restrict where content is unpacked. Defenders reduce the risk by rejecting unsafe path components, resolving paths before use, extracting files in a sandbox or dedicated directory, and keeping tools patched. Careful logging of unexpected file writes and extraction behavior can also reveal abuse early.
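The defensive steps above (resolve paths before use, reject unsafe components, unpack only into a dedicated directory) can be sketched for a tar extractor as follows. This is an added example, not code from the original page; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile

def safe_target(base_dir, member_name):
    """Resolve member_name under base_dir; return None if it would land outside."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(member_name):
        return None  # absolute paths are never accepted from an archive
    # realpath collapses ../ and follows symlinks already present on disk
    candidate = os.path.realpath(os.path.join(base, member_name))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def extract_safely(tar_bytes, base_dir):
    """Extract regular files and directories only; return (written, rejected)."""
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            target = safe_target(base_dir, member.name)
            if target is None or not (member.isfile() or member.isdir()):
                rejected.append(member.name)  # escaping names, links, devices
                continue
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(member.name)
    return written, rejected

def build_sample_archive():
    """Constructed sample input: one benign entry and four unsafe ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt",
                     "/tmp/absolute.txt", "docs/../../escape.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"sample")
            tar.addfile(info, io.BytesIO(b"sample"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tar.addfile(link)
    return buf.getvalue()
```

The rejected list is the signal to log: an archive that produces any rejected entry is worth reviewing even though nothing was written outside the extraction directory.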
