Advanced Directory Traversal Techniques!

Показать описание

👩‍🎓👨‍🎓 Learn about Directory Traversal vulnerabilities. In this video, we are going to look at advanced strategies to test for directory traversal issues.

Overview:
00:00 Intro
00:12 Lab overview
00:53 Double Encoding
02:50 Base Folder Needed
04:37 Null Byte Injection
05:50 Conclusion

🔗 Portswigger Directory Traversal Challenges:

---

Рекомендации по теме

Комментарии

Your voice is so calming, thanks for the amazing explanation!

viniciusrodrigues

Great stuff going to use in my manual approach to hunt for this bug.

AnthonyMcqueen

Cam we apply these all path travasal techniques in different cases?Like anyother parameter who is retriving data from server?And second thing is that most of the modern applications are not using parameter like that "filename=picture.jpg" they use it like "/folder/3/2/picture.jpg" then can we apply techniques on this path aslo?

jwd

Have this scenary: an html javascript site where I can sing in and log in, can upload any file I want. But the site generate random uuid for the file when upload. So there is no location that I can see for the files.. so how I can find it? try many forms of traversal attacks but it just don't works.. maybe someone can send me some lights for my scenary.

pachinchannel

why did we need to url encode it twice? how are we going to know in a real world example that if we need to url encode it twice or not? are we going to try all the possiblities by hand? before this i had nothing in my mind as double encoding. i wonder how could i figure this out myself

alla-turca

Explain Subdomain enumerations methods!

fusman

What is the priority of directory traversal ?

bimalk

when i double encoded / i got this -%25%32%66 but when you did it 2:19 you got %252f how?

itsmdud

Advanced Directory Traversal Techniques!

Advanced Directory Traversal Techniques!

Directory Traversal | Complete Guide

Directory Traversal attacks are scary easy

What is directory traversal? (file path traversal) - Web Security Academy

LFI and Path Traversal are different

What is Directory Traversal?

Path Traversal - Exposing Hidden Files & Vulnerabilities | Bug Bounty #hacking

Directory Traversal Attacks

$4,000 Starbucks secondary context path traversal - Hackerone

[Find root] Directory traversal exploit

Directory traversal Poc bug bounty || bug 2023 live attack

Directory Traversal Attack Demo

How to turn a write-based path traversal into a critical? - Bug bounty case study

What is Local File Inclusion? How Directory Traversal Works? Hunt for Path Traversal | Bug Bounty

Web Academy | Directory Traversal | File Path Traversal, Simple case

Practical Web Application Security - Part 10 - Directory Traversal Attacks [Hacksplaining]

Penetration Testing - Path Traversal Attack

3 Tips I’ve learned after 2000 hours of Leetcode

Directory Traversal Vulnerability Poc || Bug bounty || POC || 2022

How to Exploit File Path Traversal

How to Find And Exploit Directory Traversal Vulnerability Using dotdotpwn

Using Double URL Encoding to Bypass Security Mechanisms for a Directory Traversal Attack

5.1 Graph Traversals - BFS & DFS -Breadth First Search and Depth First Search

17 Path Traversal Vulnerabilities Unveiled: A Beginner's Guide to Basic Discovery