Path Traversal Vulnerability in NGINX Servers

In cybersecurity, Path Traversal is a widely known vulnerability that can affect web servers, including NGINX servers. It represents a significant threat to the integrity and security of information.

What does it consist of?

This vulnerability allows an attacker to access and read files outside the designated root directory. By manipulating file requests, an attacker could reach resources that should not be accessible.

How is such a vulnerability exploited? This is achieved by manipulating directory paths in HTTP request URLs.

The following image shows an example of how the server’s passwd file would be accessed via the web. Each “..” segment moves up one directory level, so the number of “..” segments indicates the number of directories between the files shown on the web and the location of the server’s root folder.
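As an added example (not part of the original article), the Python code below resolves request paths against an assumed document root to show how each ".." segment climbs one directory, and flags access-log entries whose path would resolve outside that root. It goes slightly beyond the text by also decoding percent-encoded dots; `DOC_ROOT`, the function names and the log lines are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for illustration; not taken from the article.
DOC_ROOT = "/usr/share/nginx/html"

# Constructed sample access-log lines (documentation IP range, made-up status codes).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 612',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /img/../css/site.css HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /../../../../etc/passwd HTTP/1.1" 400 157',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 400 157',
]

def decode_fully(path, max_rounds=3):
    """Percent-decode until stable so encoded '..' segments become visible."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def resolve(request_path, root=DOC_ROOT):
    """Return (resolved filesystem path, stays_inside_root) for a URL path."""
    decoded = decode_fully(request_path)
    # Join onto the root as a naive file server would, then collapse '..' segments.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    inside = candidate == root or candidate.startswith(root + "/")
    return candidate, inside

def scan(log_lines, root=DOC_ROOT):
    """Return (request path, resolved path) for requests that leave the root."""
    hits = []
    for line in log_lines:
        try:
            request = line.split('"')[1]                 # 'METHOD PATH PROTO'
            path = request.split()[1].split("?", 1)[0]   # drop the query string
        except IndexError:
            continue                                     # malformed line, skip
        resolved, inside = resolve(path, root)
        if not inside:
            hits.append((path, resolved))
    return hits

if __name__ == "__main__":
    for path, resolved in scan(SAMPLE_LOG):
        print(f"outside root: {path} -> {resolved}")
```

The assumed root is four directories deep, so four ".." segments are what it takes to reach the filesystem root; a request that uses ".." but stays under the root (the second log line) is not flagged.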
