https://soffensive.github.io/tags/path-traversal/Recent content in Path Traversal on soffensive blogHugoenTue, 19 Jun 2018 01:31:00 -0700https://soffensive.github.io/posts/web-app-sec/2018-06-19-exploiting-blind-file-reads-path-traversal-vulnerabilities-on-microsoft-windows-operating-systems/Tue, 19 Jun 2018 01:31:00 -0700https://soffensive.github.io/posts/web-app-sec/2018-06-19-exploiting-blind-file-reads-path-traversal-vulnerabilities-on-microsoft-windows-operating-systems/<p>In a recent engagement I was confronted with a blind path traversal vulnerability on a server running with the Microsoft Windows operating system. That is, it was not possible to display folder contents but the complete file name and path had to be guessed. Due to the lack of a comprehensive website I was forced to gather information from various different sources.</p> <p>In this blog post, I want to summarize my findings and focus on the exploitation of  this kind of vulnerability.</p>