What is a Directory Traversal or Path Traversal Attack?
Directory traversal or path traversal attacks exploit weak security validation or sanitization of user-supplied file names, such that characters represent “traverse to parent directory,” which are passed through to the operating system. Directory traversal or path traversal are HTTP-borne attacks which grant attackers access to restricted directories and allows them to execute commands outside of the web server’s root directory.