directory traversal
(Estonian term: kataloogihüpe)
prerequisites
on web and other servers, often the only thing separating public files
from private or system files
is that
they are kept in a separate directory
= prerequisite: a web application or server that builds a filesystem path from client-supplied input without confining it to the intended directory; the resulting vulnerability lets an attacker read files outside that directory (not strictly "arbitrary" files: access is limited by the permissions of the server process)
essence
the attacker uses a suitably crafted request (for example a path containing ../ sequences, possibly URL-encoded as %2e%2e%2f)
to jump to a higher-level directory and
through it reach non-public directories and files
=
an attack aiming to access files and directories that are stored outside the web root folder
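Worked example of the mechanism described above, added here and not taken from the page or any of the linked sources: a naive file handler that joins the client-supplied path onto the public directory, beside a hardened handler that decodes, canonicalises with realpath and then requires the result to stay under the canonical public root. The function names, the sample directory layout and the request strings are constructed for the illustration; nothing here is a real application's API.

```python
import os
import tempfile
from urllib.parse import unquote


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """The weak pattern: URL-decode (as the web framework would) and join the
    client path onto the public directory. '../' segments climb out of
    base_dir, and an absolute path makes os.path.join discard base_dir
    entirely."""
    return os.path.normpath(os.path.join(base_dir, unquote(requested)))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Hardened pattern: canonicalise both sides and check containment.
    Raises ValueError for a path that escapes the public root and
    FileNotFoundError for a path that stays inside but does not exist."""
    base = os.path.realpath(base_dir)
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    # Drop leading separators so os.path.join cannot throw base away.
    relative = decoded.lstrip("/\\")
    # realpath also resolves symlinks, so a link inside the public root that
    # points outside it is rejected as well.
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes public root: {requested!r}")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


# Constructed requests: one benign, two traversal attempts, one absolute path.
REQUESTS = ("images/logo.png", "../secret.txt", "..%2fsecret.txt", "/secret.txt")


def demo() -> dict:
    """Build a throwaway layout (public/images/logo.png next to a secret.txt
    outside the public root) and run both resolvers on each request.
    Returns request -> (naive path escaped the root?, hardened verdict)."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    public = os.path.join(root, "public")
    os.makedirs(os.path.join(public, "images"))
    with open(os.path.join(public, "images", "logo.png"), "wb") as fh:
        fh.write(b"constructed sample, not a real PNG")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("constructed secret stored outside the web root\n")

    base = os.path.realpath(public)
    outcome = {}
    for req in REQUESTS:
        weak = os.path.realpath(vulnerable_resolve(public, req))
        escaped = os.path.commonpath([base, weak]) != base
        try:
            safe_resolve(public, req)
            verdict = "served"
        except ValueError:
            verdict = "rejected"
        except FileNotFoundError:
            verdict = "not found"
        outcome[req] = (escaped, verdict)
    return outcome


if __name__ == "__main__":
    for req, (escaped, verdict) in demo().items():
        print(f"{req:18} naive escapes root: {escaped!s:5}  hardened: {verdict}")
```

The containment test compares canonical paths rather than looking for the substring "..", because encoding, trailing-dot and symlink tricks all collapse to a plain path once realpath has run; the check is therefore the same regardless of how the traversal was spelled in the request.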
overviews
https://en.wikipedia.org/wiki/Directory_traversal_attack
https://www.acunetix.com/websitesecurity/directory-traversal/
https://www.owasp.org/index.php/Path_Traversal
https://www.youtube.com/watch?v=jJ0ijQ5pADE
https://hydrasky.com/network-security/directory-traversal-attacks/
https://cwe.mitre.org/data/definitions/35.html
https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Chapters/3_3-Directory-Traversal.pdf
https://blog.secuna.io/hacking-applications-with-directory-traversal/
defenses (mitigation)
https://image.slidesharecdn.com/yhj4fbjdqvsya0ocz383-signature-6fe2027c8f65735dd8da829282c0c957891ef6196788b5914b2e7cd19aab61a4-poli-151113151737-lva1-app6891/95/hack-fix-hands-on-coldfusion-security-training-26-638.jpg
https://www.hacksplaining.com/prevention/directory-traversal
https://brightsec.com/blog/directory-traversal-mitigation/
http://www.techpaste.com/2015/02/stop-file-path-traversal-attack-apache/
https://arxiv.org/pdf/1908.04502.pdf