Directory traversal (path traversal) vulnerabilities allow attackers to access files outside the intended directory — reading configuration files, source code, credentials, or system files like /etc/passwd. Testing covers: basic traversal sequences (../), encoding bypasses (URL encoding, double encoding, null bytes), absolute path injection, file inclusion vulnerabilities (local and remote), and traversal through file upload features. Despite being well-known, path traversal remains common because applications often construct file paths from user input in ways that bypass web framework protections.
Technical
Directory Traversal and Path Traversal: Accessing Files Outside the Web Root — Guide for Japanese Companies
Path traversal vulnerabilities allow reading sensitive files from the server. Testing for ../ sequences and encoding bypasses. Guidance for JP market.
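
The path-construction flaw and the bypass classes listed above (../ sequences, URL and double encoding, null bytes, absolute paths) can be checked against a containment routine. The following is an added example, not code from the original page, showing a naive join beside a canonicalize-then-compare form. The function names, the decode-until-stable policy and all sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_naive(base_dir, user_path):
    # "Before" form: user input joined straight onto the base directory.
    # os.path.join silently drops base_dir when user_path is absolute.
    return os.path.normpath(os.path.join(base_dir, user_path))

def resolve_safe(base_dir, user_path, max_rounds=3):
    """Return the canonical path under base_dir, or None if rejected."""
    decoded = user_path
    for _ in range(max_rounds):
        # Decode until stable so double-encoded input cannot survive
        # to a later decoding layer.
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after max_rounds: reject
    if "\x00" in decoded:
        return None  # null byte used to truncate a forced extension
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and resolves symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, decoded))
    try:
        # commonpath compares whole components, so /data/files-old does
        # not pass as being inside /data/files (startswith would).
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        inside = False
    return candidate if inside else None

def demo():
    base = tempfile.mkdtemp()  # stands in for the application's file root
    samples = [  # constructed inputs, one per technique named above
        "reports/q1.txt",
        "reports/../reports/q1.txt",
        "../../etc/passwd",
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
        "%252e%252e%252fetc%252fpasswd",
        "/etc/passwd",
        "reports/q1.txt%00.png",
        "../" + os.path.basename(base) + "-old/secret",
    ]
    return base, {s: resolve_safe(base, s) for s in samples}
```

Repeated decoding also alters legitimate names that contain a literal `%`, so an application that must accept such names needs an allow-list on the decoded result instead.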