• Directory traversal allows attackers to access restricted directories, including application source code, configuration, and critical system files, and to execute commands outside the web server’s root directory
  • Accessing files located outside the web publishing directory using directory traversal
  • Attackers can manipulate variables that reference files with “dot-dot-slash” (../) sequences and their variations
http://www.example.com/process.jsp=../../../../some dir/some file
http://www.example.com/../../../../some dir/some file
Example: http://www.example.com/GET/process.jsp./../../../../../etc/passwd
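// Vulnerable Server Code
// Requires: import java.nio.file.Path; import java.nio.file.Paths;
String filename = request.getParameter("filename"); // attacker-controlled value
if (filename != null) {
    // Directory of the web application root on disk
    String locationVariable = request.getServletContext().getRealPath("/");
    // Unvalidated concatenation: "../" sequences in filename are kept as-is,
    // so the resulting path can point outside the web root
    String pathVariable = locationVariable + filename;
    Path filepath = Paths.get(pathVariable);
}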
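A hardened counterpart to the vulnerable snippet above, as an added example that is not part of the original page: it normalizes the requested path and rejects anything that resolves outside the base directory. The class name `SafePathResolver`, the method `resolveInside`, and the temporary directory standing in for the web root are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafePathResolver {

    /** Resolves a user-supplied name under baseDir; throws if it escapes baseDir. */
    static Path resolveInside(Path baseDir, String filename) throws IOException {
        if (filename == null || filename.isEmpty() || filename.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = baseDir.toRealPath();                    // canonical base, symlinks resolved
        Path candidate = base.resolve(filename).normalize(); // collapses "../" segments
        // Path.startsWith compares whole path elements, so a sibling such as
        // /srv/webroot-old is not accepted as a child of /srv/webroot.
        // An absolute filename replaces the base in resolve() and fails here too.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        // For existing files, resolve symlinks and check containment again.
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes base directory");
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample web root and inputs, for demonstration only.
        Path base = Files.createTempDirectory("webroot");
        Files.write(base.resolve("index.html"), "ok".getBytes());
        String[] inputs = {
            "index.html", "../../../../etc/passwd", "a/../../secret", "/etc/passwd"
        };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + in + " -> " + resolveInside(base, in));
            } catch (SecurityException e) {
                System.out.println("DENY  " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `index.html` is allowed; the three other inputs are denied because their normalized paths fall outside the base directory.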