Path Traversal is a vulnerability whereby paths provided from an untrusted source are interpreted in such a way that unauthorised file access is possible.
For example, consider a script that fetches an article by taking a filename, which is then read by the script and [[Parse|parsed]]. Such a script might use the following hypothetical URL to retrieve an article about [[dog food]]:
If the script has no input checking, instead trusting that the filename is always valid, a [[malicious user]] could forge a URL to retrieve configuration files from the webserver:
Depending on the script, this may expose the [[Passwd#Password file|/etc/passwd]] file, which on [[Unix-like]] systems contains (among others) [[User identifier (Unix)|user IDs]], their [[Username|login names]], [[home directory]] paths and [[Operating system shell|shells]]. (See [[SQL injection]] for a similar attack.)
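An added example (not part of the original page) of the missing input check, in Python: the unchecked reader joins the supplied filename as-is, while the checked one canonicalises the path and rejects anything that resolves outside the article directory. The function names, `UnsafePath` and the temporary files are constructed for illustration.

```python
import os
import tempfile


class UnsafePath(Exception):
    """Raised when a requested name resolves outside the article root."""


def read_article_unchecked(root, name):
    # Pattern described above: the filename is trusted and joined as-is,
    # so ".." segments or an absolute path decide which file is opened.
    with open(os.path.join(root, name), encoding="utf-8") as fh:
        return fh.read()


def read_article(root, name):
    # Canonicalise both paths (resolves "..", "." and symlinks), then
    # require the result to stay inside the article root.
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise UnsafePath(name)
    with open(target, encoding="utf-8") as fh:
        return fh.read()


def demo():
    # Constructed layout: <tmp>/articles/dogfood.html beside <tmp>/site.conf
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "articles")
        os.mkdir(root)
        conf = os.path.join(tmp, "site.conf")
        for path, text in ((os.path.join(root, "dogfood.html"), "<h1>Dog food</h1>"),
                           (conf, "db_password=constructed")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        cases = {"dogfood.html": "dogfood.html", "../site.conf": "../site.conf",
                 "absolute": conf, "mixed": "./../articles/../site.conf"}
        results = {"unchecked": read_article_unchecked(root, "../site.conf")}
        for label, name in cases.items():
            try:
                results[label] = read_article(root, name)
            except UnsafePath:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value!r}")
```

Comparing the resolved path against the resolved root, rather than searching the input string for `..`, also covers absolute paths and symlinks that point outside the directory.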