Is this considered directory traversal?


#1

So I’m currently testing a site that has a url like this

example.com/dir1/dir2?nextPage=/someOtherDir/someHTMLfile.html

I found that I can do to get to the home page

example.com/dir1/dir2?nextPage=../../

or I can read files like the CSS for another page

example.com/dir1/dir2?nextPage=../../dir3/dir4/css/main.css

NOTE: The company’s policy states that a researcher can only go to the minimal amount of testing required to prove that a vulnerability, so I don’t want to try accessing the passwd file or any other sensitive file that isn’t already public. I also tried example.com/dir1/dir2?nextPage=google.com but it seems to check if the URL is local so that doesn’t work. Would what I found be considered directory traversal?


#2

No, this would not be directory traversal, as you are not proving that you have access anything that’s restricted.


#3

Please refer to the OWASP page for this kind of attack

https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)