Client Side Path Traversal
Look for file parameters in URLs:

```
https://example.com/getFile?path=/user/docs/report.pdf
```
Check if JavaScript fetches files using a value taken from the page's URL:

```javascript
fetch("/api/getFile?name=report.pdf")
```
Example of a parameter value that escapes its intended path segment:

```
https://app.example.com/delete-session?session=../profile
```

The resulting DELETE request would target `/api/users/profile` instead of `/api/users/sessions/${sessionId}`.
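The traversal above happens because the client concatenates the `session` query value straight into the request path and the URL parser collapses the `..` segment. The following added example (not code from the original page) reproduces that resolution with the browser's `URL` class and places a validating builder next to it: the segment is accepted only if it matches the expected session-id shape, so a `../profile` value is rejected before any `fetch` is issued. The function names, `SESSION_ID_RE`, and the `app.example.com` origin are assumptions made for the example.

```javascript
// Added example, not from the original page. Shows why concatenating a
// URL parameter into a request path lets `..` escape the intended
// /api/users/sessions/ prefix, and one way to validate the segment first.
// Names below (buildSessionPathNaive, buildSessionPathSafe, SESSION_ID_RE,
// sessionPathFromLocation) are assumptions for this example.

// Naive construction: the id is dropped straight into the path, as the
// vulnerable pattern on the page does.
function buildSessionPathNaive(sessionId) {
  return `/api/users/sessions/${sessionId}`;
}

// Resolve a path the way the browser does before sending it: `..` segments
// are collapsed by the URL parser, so this shows where the request lands.
// The origin is an assumed placeholder; only the pathname matters here.
function resolvePath(path) {
  return new URL(path, "https://app.example.com").pathname;
}

// Hardened construction: accept one path segment made only of characters a
// session id is expected to contain, then URL-encode it as a second layer.
// A traversal value such as "../profile" fails the test and yields null.
const SESSION_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;

function buildSessionPathSafe(sessionId) {
  if (typeof sessionId !== "string" || !SESSION_ID_RE.test(sessionId)) {
    return null; // caller must not issue the DELETE at all
  }
  return `/api/users/sessions/${encodeURIComponent(sessionId)}`;
}

// Mirrors the page flow: read ?session= from the current location (the
// value comes back percent-decoded, so "..%2Fprofile" is seen as "../profile")
// and decide whether a request path can be built safely.
function sessionPathFromLocation(href) {
  const sessionId = new URL(href).searchParams.get("session");
  return buildSessionPathSafe(sessionId);
}

// Stand-alone demonstration on a constructed traversal value.
if (typeof require !== "undefined" && require.main === module) {
  const naive = buildSessionPathNaive("../profile");
  console.log("naive path:", naive, "-> resolves to", resolvePath(naive));
  console.log("safe path:", buildSessionPathSafe("../profile"));
  console.log("from location:",
    sessionPathFromLocation("https://app.example.com/delete-session?session=sess_42"));
}
```

Validating the segment against an allow-list of characters is preferable to stripping `../` sequences, because percent-encoded and mixed forms are easy to miss; `encodeURIComponent` alone is not enough either, since it leaves `.` untouched.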