{"id":4646,"date":"2024-06-26T05:35:03","date_gmt":"2024-06-26T05:35:03","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=4646"},"modified":"2024-06-26T06:13:11","modified_gmt":"2024-06-26T06:13:11","slug":"hunter-discovering-path-traversal-vulnerability-in-5-minutes","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/","title":{"rendered":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes"},"content":{"rendered":"<h2>Path Traversal Vulnerability in 5 Minutes worth <strong>$4000<\/strong><\/h2>\n<h3>Understanding Directory Traversal, What is it?<\/h3>\n<p>Directory traversal is a vulnerability that allows an attacker to access files and directories outside the web root directory. In the context of cybersecurity, this vulnerability can lead to unauthorized access to sensitive system files, potentially compromising the security of a system.<\/p>\n<p>In the case below, a bug hunter named Peternak Kudanil discovered directory traversal on a subdomain of a company listed on Bugcrowd.com.
During routine testing, Peternak utilized tools to identify vulnerabilities and inadvertently found that by manipulating the URL path, he could access sensitive files such as <strong><em>\/etc\/passwd, \/etc\/group, and \/etc\/hosts<\/em><\/strong>. These files typically contain critical system information and are not intended to be accessible via a web interface.<\/p>\n<p>&nbsp;<\/p>\n<h3>Introduction of the Story<\/h3>\n<p>About a year ago, a bug hunter named <strong>Peternak Kudanil<\/strong> made a remarkable discovery that earned him <strong>$4000<\/strong> in <strong>just five minutes<\/strong>. This unexpected find was a path traversal vulnerability on a subdomain of a company listed on Bugcrowd.com. The discovery came about during a routine exploration, sparked by a method described on <a href=\"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-IOVERTX-72442\"><em>https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-IOVERTX-72442<\/em><\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3>Initial Exploration<\/h3>\n<p>Peternak began by searching for subdomains using popular enumeration tools like Aquatone and Sublist3r. Using Aquatone, he executed the command <em><strong>`aquatone-discover --domain domain.com`<\/strong><\/em>, and with <strong>Sublist3r<\/strong>, he ran <strong><em>`.\/Sublist3r.py -d domain.com`<\/em><\/strong>. These tools are effective in identifying and mapping out various subdomains associated with a primary domain.<\/p>\n<p>&nbsp;<\/p>\n<h3>Finding the Vulnerability: Path Traversal Vulnerability<\/h3>\n<p>During this process, Peternak found a subdomain named myaccount.redacted.com. Intrigued, he decided to test it with a path traversal payload. He accessed the URL `https:\/\/myaccount.redacted.com\/\/etc\/passwd`. To his surprise, the contents of the `\/etc\/passwd` file appeared on his screen, confirming the presence of a path traversal vulnerability.<\/p>\n<p>&nbsp;<\/p>\n<h3>Confirming the Issue<\/h3>\n<p>Not entirely convinced, Peternak decided to probe further.
He entered another payload, `https:\/\/myaccount.redacted.com\/\/etc\/group`, and once again, sensitive information was displayed. He repeated this with yet another payload, `https:\/\/myaccount.redacted.com\/\/etc\/hosts`, and the result was the same: unauthorized access to crucial system files.<\/p>\n<p>&nbsp;<\/p>\n<h3>Reporting the Bug<\/h3>\n<p>Each payload revealed sensitive files that should not have been accessible. The initial success with the `\/etc\/passwd` file might have seemed like a fluke, but consistent results with `\/etc\/group` and `\/etc\/hosts` solidified the reality of the vulnerability. Peternak quickly realized the potential impact and severity of this security flaw.<\/p>\n<p>Without wasting any time, he reported the vulnerability to the company&#8217;s bug bounty program through Bugcrowd.com. Just a few hours after his submission on September 3, 2018, at 9:21 PM PDT, the company responded, acknowledging the issue and triaging it. By early the next morning, they had confirmed the vulnerability, changing its severity to Critical (P1) at 7:32 AM PDT. Merely a minute later, at 7:33 AM PDT, Peternak was rewarded <strong>$4000<\/strong> for his discovery.<\/p>\n<p>&nbsp;<\/p>\n<h3>Conclusion of Path Traversal Vulnerability<\/h3>\n<p>This quick resolution underscored the importance of proactive security measures and timely reporting. For his efforts, Peternak received a <strong>$4000 reward<\/strong>. This experience highlighted the critical role of continuous learning and vigilance in the cybersecurity field. It also showcased how seemingly routine explorations could lead to significant discoveries, emphasizing the unpredictable and rewarding nature of bug hunting.<\/p>\n<p>Peternak\u2019s journey from initial discovery to a successful bug report serves as an inspiration for other cybersecurity enthusiasts. 
It reminds us that the key to finding vulnerabilities often lies in curiosity, persistence, and the willingness to experiment with new techniques.<\/p>\n<p>Peternak\u2019s dedication and quick action not only earned him a substantial reward but also helped secure a vulnerable system, making the digital world a little safer.<\/p>\n<p>&nbsp;<\/p>\n<h3>How to Prevent Directory Traversal Vulnerabilities<\/h3>\n<p>Directory traversal vulnerabilities can pose significant risks to web applications by allowing attackers to access sensitive files and directories outside of the intended directory structure. To mitigate these risks, consider the following preventive measures:<\/p>\n<ul>\n<li>Input Validation and Sanitization: Implement strict input validation and sanitization techniques to ensure that user-supplied input, such as file paths or URLs, does not contain sequences that can navigate outside the intended directory structure.<\/li>\n<li>Use of Whitelisting: Use whitelisting techniques to define acceptable inputs and reject any input that deviates from the expected format or structure.<\/li>\n<li>Path Normalization: Normalize file paths to their canonical or absolute forms before processing, then verify that the normalized path still falls inside the intended directory. Normalization removes redundant or ambiguous path components that attackers could exploit.<\/li>\n<li>Access Controls: Implement robust access controls to restrict access to sensitive files and directories based on user roles and privileges. Ensure that only authorized users and applications have access to critical system files.<\/li>\n<li>File System Permissions: Set appropriate file system permissions to restrict access to directories and files based on the principle of least privilege.
Limit read, write, and execute permissions to only those users and processes that require them.<\/li>\n<li>Security Testing: Regularly conducting security testing, including vulnerability scanning and penetration testing, helps organizations identify and remediate any potential directory traversal vulnerabilities before attackers can exploit them.<\/li>\n<\/ul>\n<p>By adopting these preventive measures, organizations can significantly reduce the risk of directory traversal vulnerabilities and enhance the overall security posture of their web applications.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Link to read full write up:<\/strong> <em>https:\/\/noobsec.org\/project\/2019-12-16-How-We-Get-4000$-in-5-Minutes\/<\/em><\/p>\n<p><strong>Save the PDF<\/strong>\u00a0<a href=\"https:\/\/secry.me\/explore\/pdf-story\/directory-traversal\/How%20We%20Get%204000$%20in%205%20Minutes%20_%20noobSecurity.pdf\"><em>here\u00a0<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? Directory traversal is a vulnerability that allows an attacker to access files and directories outside the web root directory.
In the context of cybersecurity, this vulnerability can lead to unauthorized access to sensitive system files, potentially compromising the security of a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4652,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,456],"tags":[460,13,192,228,458,114,457,459],"class_list":{"0":"post-4646","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bug-bounty","8":"category-directory-traversal","9":"tag-aquatone","10":"tag-bug-bounty","11":"tag-cyber-security","12":"tag-directory-traversal","13":"tag-lfd","14":"tag-lfi","15":"tag-lfr","16":"tag-sublister"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Hunter Discovering Path Traversal Vulnerability in 5 Minutes | SECRY<\/title>\n<meta name=\"description\" content=\"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? Directory traversal is a vulnerability that allows an\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hunter Discovering Path Traversal Vulnerability in 5 Minutes | SECRY\" \/>\n<meta property=\"og:description\" content=\"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? 
Directory traversal is a vulnerability that allows an\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-26T05:35:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-26T06:13:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\"},\"headline\":\"Hunter Discovering Path Traversal Vulnerability in 5 Minutes\",\"datePublished\":\"2024-06-26T05:35:03+00:00\",\"dateModified\":\"2024-06-26T06:13:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/\"},\"wordCount\":895,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Path-Traversal-Vulnerability.png\",\"keywords\":[\"Aquatone\",\"Bug Bounty\",\"Cyber Security\",\"Directory Traversal\",\"LFD\",\"lfi\",\"LFR\",\"Sublister\"],\"articleSection\":[\"Bug Bounty\",\"Directory Traversal\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/\",\"name\":\"Hunter 
Discovering Path Traversal Vulnerability in 5 Minutes | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Path-Traversal-Vulnerability.png\",\"datePublished\":\"2024-06-26T05:35:03+00:00\",\"dateModified\":\"2024-06-26T06:13:11+00:00\",\"description\":\"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? Directory traversal is a vulnerability that allows an\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Path-Traversal-Vulnerability.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/Path-Traversal-Vulnerability.png\",\"width\":1280,\"height\":720,\"caption\":\"Directory Traversal 
Vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hunter Discovering Path Traversal Vulnerability in 5 Minutes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes | SECRY","description":"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? 
Directory traversal is a vulnerability that allows an","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/","og_locale":"en_US","og_type":"article","og_title":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes | SECRY","og_description":"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? Directory traversal is a vulnerability that allows an","og_url":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2024-06-26T05:35:03+00:00","article_modified_time":"2024-06-26T06:13:11+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/acc5b116f6d4870e1ecd6928630104f5"},"headline":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes","datePublished":"2024-06-26T05:35:03+00:00","dateModified":"2024-06-26T06:13:11+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/"},"wordCount":895,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png","keywords":["Aquatone","Bug Bounty","Cyber Security","Directory Traversal","LFD","lfi","LFR","Sublister"],"articleSection":["Bug Bounty","Directory Traversal"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/","url":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/","name":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes | 
SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png","datePublished":"2024-06-26T05:35:03+00:00","dateModified":"2024-06-26T06:13:11+00:00","description":"Path Traversal Vulnerability in 5 Minutes worth $4000 Understanding Directory Traversal, What is it? Directory traversal is a vulnerability that allows an","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/06\/Path-Traversal-Vulnerability.png","width":1280,"height":720,"caption":"Directory Traversal Vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/hunter-discovering-path-traversal-vulnerability-in-5-minutes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Hunter Discovering Path Traversal Vulnerability in 5 Minutes"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story 
Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/acc5b116f6d4870e1ecd6928630104f5","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=4646"}],"version-history":[{"count":7,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4646\/revisions"}],"predecessor-version":[{"id":4654,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4646\/revisions\/4654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/4652"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=4646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=4646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=4646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}