Questions tagged [path-injection]

I have a Linux-based embedded system with web-interface for management purposes. According to one security paper, this web-server has rudimentary filter against directory traversal attacks in URL parameters. So in order to bypass the "../" filter,…

I'm writing a simple HTTP server in Lua and while I can easily find resources on how to secure against Unix directory traversal, I already found some caveats in the Windows version. While I'm already looking for C:\ at the beginning (C being "any…

Are path traversal attacks possible if attacker is not authenticated in web-application?