directory traversal
Estonian: kataloogihüpe
preconditions
on web and other servers, public files are often
separated from private or system files
only by the fact that
they are kept in a separate directory
essence
the attacker tries, with a suitably addressed request,
to jump to a higher-level directory and
through it reach non-public directories and files
overviews
https://en.wikipedia.org/wiki/Directory_traversal_attack
https://www.acunetix.com/websitesecurity/directory-traversal/
https://www.owasp.org/index.php/Path_Traversal
https://www.youtube.com/watch?v=jJ0ijQ5pADE
https://hydrasky.com/network-security/directory-traversal-attacks/
https://www.htbridge.com/vulnerability/path-traversal.html
https://cwe.mitre.org/data/definitions/35.html
https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Chapters/3_3-Directory-Traversal.pdf
https://blog.secuna.io/hacking-applications-with-directory-traversal/
countermeasures
https://image.slidesharecdn.com/yhj4fbjdqvsya0ocz383-signature-6fe2027c8f65735dd8da829282c0c957891ef6196788b5914b2e7cd19aab61a4-poli-151113151737-lva1-app6891/95/hack-fix-hands-on-coldfusion-security-training-26-638.jpg
http://www.dummies.com/programming/networking/how-to-detect-and-prevent-directory-traversal-hacks/
http://www.techpaste.com/2015/02/stop-file-path-traversal-attack-apache/
https://www.whitehatsec.com/blog/path-traversal-attack-solutions/
https://arxiv.org/pdf/1908.04502.pdf