Dir traversal: what is it?


Directory traversal is the process of scanning computer folders for useful information. It can be done through an operating system’s user interface or by giving explicit commands to the operating system. Recursive directory traversals can identify large groups of files with similar characteristics. However, directory traversal can be exploited by malicious code, particularly in web pages. Care must be taken to ensure that no unauthorized directory traversals can be performed by a client viewing a web page.

A directory traversal is a process by which the contents of computer folders, or directories, are systematically scanned. For both developers and inexperienced computer users, a directory traversal can yield a wealth of useful information. This methodology is used in a variety of computer applications, including searches for files in an operating system.

When doing a directory traversal, the process starts in the “working directory”. Many directory traversals are recursive, meaning they scan the contents of the working directory and the contents of any separate folders or subdirectories contained in the working directory. Recursive directory traversals can easily identify large groups of files with similar characteristics. A directory traversal can also be used to select specific file types for analysis, modification or deletion.

Traversals can be performed in two different ways. The first traversal method, which almost all computer users perform at some point, goes through an operating system’s user interface. Precisely how this is done depends on the operating system, but in this context, traversing directories is often as simple as clicking on a folder, then clicking on a folder within that folder, and so on. Because the speed of this approach is limited by how fast a user can manually traverse through directories, it is usually the slower of the two traversal methods.

Programmers and developers usually use the second traversal method, which involves giving explicit commands to the operating system, rather than using its interface. This method is more flexible than interface-based traversal and can often be linked with other operating system commands to access and modify multiple files simultaneously. In general, most computer users don’t need to traverse this way, although the option is almost always present.

While directory traversals can be very useful, they can be exploited by malicious code, particularly in web pages. When programming websites, web designers often need to take great care to ensure that no unauthorized directory traversals can be performed by a client viewing a web page. Because a directory traversal has the potential to display a lot of information, allowing a client access to a web page’s component directories could pose a significant security risk. Directory traversals are not dangerous or harmful per se, so scanning directories as a trusted user on a computer does not automatically put a computer or its data in danger. In almost all contexts, directory traversals are safe and useful methods of getting information from a computer.
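One way a web application can enforce that restriction on the server side is to resolve every client-supplied path and refuse anything that lands outside its document root. The following is an added example, not part of the original article; the function names `resolve_inside`, `list_directory` and `build_sample_tree` and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import List, Optional
from urllib.parse import unquote


def resolve_inside(root: Path, requested: str) -> Optional[Path]:
    """Return the real path of `requested` if it stays under `root`, else None."""
    root = root.resolve()
    decoded = unquote(requested)  # decode percent-escapes before any check
    if "\x00" in decoded:
        return None
    # Always treat the request as relative to the root, even with a leading "/".
    candidate = (root / decoded.lstrip("/\\")).resolve()
    # resolve() collapses ".." and follows symlinks, so real locations are compared.
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def list_directory(root: Path, requested: str) -> Optional[List[str]]:
    """List a directory for a client only when it lies inside the web root."""
    target = resolve_inside(root, requested)
    if target is None or not target.is_dir():
        return None
    return sorted(entry.name for entry in target.iterdir())


def build_sample_tree() -> Path:
    """Constructed sample: a web root beside a private directory it must not expose."""
    base = Path(tempfile.mkdtemp()).resolve()
    root, private = base / "webroot", base / "private"
    (root / "docs").mkdir(parents=True)
    private.mkdir()
    (root / "docs" / "readme.txt").write_text("public")
    (private / "keys.txt").write_text("secret")
    os.symlink(private, root / "link")  # symlink that points outside the root
    return root


if __name__ == "__main__":
    web_root = build_sample_tree()
    for request in ["docs", "/", "..", "%2e%2e/private", "link"]:
        print(f"{request!r:>18} -> {list_directory(web_root, request)}")
```

The check compares resolved locations rather than inspecting the request string, so an encoded parent reference and a symlink leaving the root are refused by the same test.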



