File path traversal (also known as directory traversal) is a vulnerability that allows attackers to read the contents of files to which they should not have access.
File path traversal may allow an attacker to read sensitive configuration files containing secret keys and passwords, access the source code for the application which they can scour for vulnerabilities, or obtain other privileged data files. In some situations, an attacker can leverage the file path traversal vulnerability to gain complete control over the web server.
File path traversal vulnerabilities arise when an application incorporates user data into a file path which it then uses to access the underlying filesystem. An attacker can manipulate the data to cause the application to retrieve a different file to the one intended, allowing the attacker to read the contents of unauthorized files.
File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem.
This is typically a very serious vulnerability, enabling an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
Ideally, application functionality should be designed in such a way that user-controllable data does not need to be passed to filesystem operations. This can normally be achieved by referencing known files via an index number rather than their name, and using application-generated filenames to save user-supplied file content.
If it is considered unavoidable to pass user-controllable data to a filesystem operation, three layers of defense can be employed to prevent path traversal attacks: