hacktricks/pentesting-web/client-side-path-traversal.md

# Uvamizi wa Upande wa Mteja wa Kupitisha Njia

<details>

<summary><strong>Jifunze kuhusu uvamizi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

## Taarifa Msingi

Uvamizi wa upande wa mteja wa kupitisha njia unatokea wakati unaweza **kubadilisha njia ya URL** ambayo itatumwa kwa mtumiaji kuitembelea kwa njia halali au ambayo mtumiaji kwa namna fulani atalazimishwa kuitembelea, kwa mfano kupitia JS au CSS.

Katika [**makala hii**](https://erasec.be/blog/client-side-path-manipulation/), ilikuwa inawezekana **kubadilisha URL ya mwaliko** ili iishie **kufuta kadi**.

Katika [**makala hii**](https://mr-medi.github.io/research/2022/11/04/practical-client-side-path-traversal-attacks.html), ilikuwa inawezekana kuunganisha **uvamizi wa upande wa mteja wa kupitisha njia kupitia CSS** (ilikuwa inawezekana kubadilisha njia ambapo rasilimali ya CSS ilipakia kutoka) na **upyaishaji wazi** ili kupakia rasilimali ya CSS kutoka kwenye **kikoa kinachodhibitiwa na mshambuliaji**.

<details>

<summary><strong>Jifunze kuhusu uvamizi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>
Translated to Swahili 2024-02-11 02:13:58 +00:00			`# Uvamizi wa Upande wa Mteja wa Kupitisha Njia`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu uvamizi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
fix 2024-02-03 12:22:53 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi ya PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [The PEASS Family](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwenye [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
			`</details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Taarifa Msingi`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Uvamizi wa upande wa mteja wa kupitisha njia unatokea wakati unaweza kubadilisha njia ya URL ambayo itatumwa kwa mtumiaji kuitembelea kwa njia halali au ambayo mtumiaji kwa namna fulani atalazimishwa kuitembelea, kwa mfano kupitia JS au CSS.`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Katika [makala hii](https://erasec.be/blog/client-side-path-manipulation/), ilikuwa inawezekana kubadilisha URL ya mwaliko ili iishie kufuta kadi.`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Katika [makala hii](https://mr-medi.github.io/research/2022/11/04/practical-client-side-path-traversal-attacks.html), ilikuwa inawezekana kuunganisha uvamizi wa upande wa mteja wa kupitisha njia kupitia CSS (ilikuwa inawezekana kubadilisha njia ambapo rasilimali ya CSS ilipakia kutoka) na upyaishaji wazi ili kupakia rasilimali ya CSS kutoka kwenye kikoa kinachodhibitiwa na mshambuliaji.`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu uvamizi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
fix 2024-02-03 12:22:53 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi ya PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [The PEASS Family](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwenye [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00
			`</details>`