In this test we first manually identify all parts of your web application that accept data from the user. This includes HTTP GET and POST queries and common options like ﬁle uploads and HTML forms to determine which part of the application is vulnerable to input validation bypassing.
Once we identify a URL in which the application retrieves a file from the web server, we manipulate that URL string with the name of the targeted files through commands and web server escape codes.
If your web application is vulnerable to directory (path) traversal, than it can expose the root directory and access to restricted files.
We perform the following tests:
Test parameters that could be used for ﬁle-related operations.
Test unusual ﬁle extensions.
Test interesting variable names.
Test the possibility to identify cookies used by the web application for dynamic generation of pages.
Report will include all the detected input vector and their testing and detailed analysis of the directory (path) traversal vulnerability found.
Based on our finding through our extensive tests we will provide recommendations in the report on how to fix the directory (path) traversal vulnerability.