
Injection: Directory traversal

Identifier: directory_traversal

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

Directory traversal vulnerabilities occur when applications do not properly validate file path inputs, allowing attackers to access files outside the intended directory and potentially expose sensitive configuration or system information.

How we test: We inject directory traversal payloads containing path manipulation sequences into request parameters and analyze responses to detect if files outside the intended directory can be accessed. We test for various path traversal techniques and check if file path inputs are properly sanitized.
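The check the scanner performs corresponds to the sanitization step on the server side: a requested path must be canonicalized and then proven to stay under the intended directory. The following Python example is added here for illustration and is not code from the scanner or from any application it tests. It contrasts the vulnerable pattern (joining user input onto a base directory without a containment check) with a hardened resolver; BASE_DIR, the function names and the sample requests are assumptions constructed for the example.

```python
import os
from urllib.parse import unquote

# Hypothetical document root; an application would use its real static-file directory.
BASE_DIR = "/srv/app/public"


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed directory."""


def unsafe_resolve(base_dir: str, requested: str) -> str:
    """The vulnerable pattern: user input is joined onto the base directory with no
    check on where the result lands. '..' segments walk out of base_dir, and an
    absolute path makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Canonicalize the requested path and enforce that it stays under base_dir.

    - decode percent-encoding exactly once (web frameworks usually do this before
      the handler runs; it is explicit here so encoded '..' sequences are visible)
    - reject NUL bytes, which can truncate the path in native file APIs
    - realpath() both sides so symlinks and '..' are resolved consistently
    - accept only if the canonical base is a component-wise prefix of the result
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in requested path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath compares whole path components, so '/srv/app/public2' is not
    # mistaken for a child of '/srv/app/public' the way str.startswith would.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} resolves outside {base}")
    return candidate


def classify(base_dir: str, requested: str) -> str:
    """Return 'allowed' or 'rejected' for one request, for quick checks."""
    try:
        safe_resolve(base_dir, requested)
        return "allowed"
    except PathTraversalError:
        return "rejected"


# Constructed sample inputs, as a static-file handler might receive them.
SAMPLE_REQUESTS = [
    "css/site.css",                      # ordinary file under the document root
    "img/../css/site.css",               # '..' that still stays inside the root
    "../../../etc/passwd",               # classic traversal
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",   # percent-encoded traversal
    "/etc/passwd",                       # absolute path; os.path.join drops the base
    "../public2/secret.txt",             # sibling directory sharing the base's prefix
    "css/site.css\x00.png",              # NUL byte
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:40} -> {classify(BASE_DIR, req)}")
    # The vulnerable resolver happily walks out of the document root.
    print("unsafe:", unsafe_resolve(BASE_DIR, "../../../etc/passwd"))
```

Running the block prints one verdict per sample request; only the first two are allowed. Note that path normalization is platform-specific: on POSIX a backslash is an ordinary filename character, so a resolver deployed on Windows must be tested with that platform's separators as well.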

Execution conditions (BLST):

  • Runs when this test is enabled, arguments are present, and coverage is OK, EMPTY_RESPONSE, VALIDATION_ERROR, NOT_FOUND, or SERVER_ERROR.
  • Analysis of fuzzed responses runs only when response text is non-empty and coverage is not SERVER_UNREACHABLE, TIMEOUT, RATE_LIMIT, REDIRECTION, GENERIC_ERROR, or UNAUTHORIZED.

References:

Configuration

Example

Example configuration:

---
security_tests:
  directory_traversal:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.