CSPT

Client Side Path Traversal

Detection

• Look for file parameters in URLs:

  Copy

  https://example.com/getFile?path=/user/docs/report.pdf

• Check if JavaScript fetches files:

  Copy

  fetch("/api/getFile?name=report.pdf")

Exploitation

https://app.example.com/delete-session?session=../profile

The resulting DELETE request would target /api/users/profile instead of /api/users/sessions/${sessionId}.

Client-Side Path Traversal Leads to Account DeletionDeepStrike

CSPT2CSRF

Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF · Doyensec's Blogblog.doyensec.com

Burp Extension

Client-Site Path Traversal Exploitationportswigger.net

Client-Side Path Traversal | VeryLazyTechwww.verylazytech.com

GitHub - doyensec/CSPTBurpExtension: CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.GitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.