After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below, Which type of web vulnerability is being exploited by the attacker?

IT Questions Bank › Category: Ethical Hacker › After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below, Which type of web vulnerability is being exploited by the attacker?

After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below,

http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf

Which type of web vulnerability is being exploited by the attacker?

stored XSS
reflected XSS
directory traversal
cookie manipulation

Explanation: A directory traversal vulnerability (often called path traversal) can allow attackers to access files and directories stored outside the web root folder. It is possible to exploit path traversal vulnerabilities by manipulating variables that reference files with the dot-dot-slash (../) sequence and its variations or by using absolute file paths to access files on the vulnerable system. In this example, the attacker is trying to view the web server configuration file.

Exam with this question: 6.13.3 Quiz - Performing Post-Exploitation Techniques Answers