Path Traversal attack & Its Fixation
What is the Vulnerability?
Path Traversal (aka Directory Traversal) is a vulnerability that allows attackers to access files outside the intended directory by manipulating the file path input. This occurs when user-supplied input is improperly validated, allowing use of sequences like ../ to traverse directories.
Example Attack:
Real-World Impact
Information Disclosure:
Read sensitive system or application files.
Code Execution (Chained Exploits):
Load unintended code files.
Compliance Violation:
Breach of PII, secrets, or logs.
Solution to Fix the vulnerability
To prevent path traversal:
1. Normalize and Validate Paths
Ensure user input cannot escape the intended base directory.
2. Use Whitelists
Allow access only to known good files or IDs instead of filenames.
3. Restrict File Extensions
Block potentially dangerous extensions (.php, .sh, etc.)
4. Disable Symbolic Links (optional)
On Unix systems, disallow symlinks pointing outside the allowed dir.
“Path Traversal is deceptively simple but highly dangerous. Fixes are straightforward if caught early. Always validate, normalize, and control file access based on business logic—not user input.”