Client Side Path Traversal

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

Basic Information

Path traversal ya upande wa mteja inatokea wakati unaweza kubadilisha njia ya URL ambayo itatumwa kwa mtumiaji kutembelea kwa njia halali au kwamba mtumiaji kwa namna fulani atakuwa lazimishwa kutembelea kwa mfano kupitia JS au CSS.

Katika hiki andiko, ilikuwa inawezekana kubadilisha URL ya mwaliko ili ikamilishe kuondoa kadi.

Katika hiki andiko, ilikuwa inawezekana kuunganisha path traversal ya upande wa mteja kupitia CSS (ilikuwa inawezekana kubadilisha njia ambapo rasilimali ya CSS ilipakuliwa) na redirect wazi ili kupakua rasilimali ya CSS kutoka domeni inayodhibitiwa na mshambuliaji.

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

3 KiB Raw Blame History

Client Side Path Traversal

Basic Information

3 KiB

Raw Blame History