Preventing Directory Traversal

Directory traversal vulnerabilities allow attackers to access arbitrary files on your system. They tend to occur in older technology stacks, which map URLs too literally to directories on disk.

Risks

Prevalence: Common
Exploitability: Moderate
Impact: Devastating

If an attacker discovers a directory traversal vulnerability, it is only a matter of time before they compromise your system. An experienced attacker will have seen a similar technology stack, and will have a playbook of things to try next.

If your site is indexed on Google, and you have URLs that pass file names in the query string, you are likely advertising a potential vulnerability to attackers. Hackers often use search engines to locate likely targets, and will search for tell-tale URLs. Try searching Google for site:<yourdomain.com> inurl:file= to see if any results get returned!
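For a handler that takes a file name from the query string, the check that matters is whether the resolved path stays inside the directory you meant to serve. The following is an added example, not code from the original page: the function names, directory tree and request values are all constructed for illustration, and it assumes a POSIX system where symlinks can be created.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(base_dir, file_param):
    """Literal mapping: join the request value straight onto the base directory."""
    return Path(os.path.join(base_dir, file_param))


def safe_resolve(base_dir, file_param):
    """Return the real path for file_param only if it stays inside base_dir."""
    if "\x00" in file_param:
        raise ValueError("NUL byte in file name")
    base = Path(base_dir).resolve()
    # resolve() collapses ".." segments and follows symlinks, so the
    # containment check runs on the path the OS would actually open.
    candidate = (base / file_param).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"{file_param!r} resolves outside {base}") from None
    if not candidate.is_file():
        raise FileNotFoundError(file_param)
    return candidate


def demo():
    """Classify constructed request values against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        public = root / "public"
        public.mkdir()
        (public / "menu.pdf").write_text("public")
        (root / "secret.txt").write_text("private")
        os.symlink(root / "secret.txt", public / "link.pdf")
        samples = ["menu.pdf", "../secret.txt", "sub/../../secret.txt",
                   str(root / "secret.txt"), "link.pdf", "missing.pdf"]
        outcome = {}
        for value in samples:
            try:
                safe_resolve(public, value)
                outcome[value] = "served"
            except (PermissionError, FileNotFoundError, ValueError) as exc:
                outcome[value] = type(exc).__name__
        # The naive join opens the file outside the public directory.
        leaked = naive_resolve(public, "../secret.txt").read_text() == "private"
        return outcome, leaked


if __name__ == "__main__":
    print(demo())
```

Only `menu.pdf` is served; the relative, absolute and symlinked paths that leave `public` are refused, while the naive join reads the file outside it.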