An attacker successfully exploits a web application vulnerability by using "../" sequences in a URL to access sensitive configuration files located outside of the web server's root directory. Which of the following attack types BEST describes this scenario?
The scenario describes a directory traversal attack, also known as a path traversal attack. This attack manipulates input variables, like parts of a URL, with 'dot-dot-slash' ("../") sequences to navigate the server's file system and access files or directories outside the intended web root folder.
SQL injection (SQLi) is an attack that targets the application's database by injecting malicious SQL code into input fields.
Cross-site scripting (XSS) involves injecting malicious scripts into web pages viewed by other users, typically to steal session cookies or other sensitive information.
Privilege escalation is the act of gaining elevated rights and permissions, which could be a goal or result of an attack like directory traversal, but it is not the attack method itself.