Client Side Path Traversal
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
A client side path traversal occurs when you can manipulate the path of a URL that is going to be sent to a user to visit in a legit way or that a user is somehow going to be forced to visit for example via JS or CSS.
In , it was possible to change the invite URL so it would end up canceling a card.
In , it was possible to combine a client side path traversal via CSS (it was possible to change the path where a CSS resource was loaded from) with an open redirect to load the CSS resource from an attacker controlled domain.
Learn & practice AWS Hacking: Learn & practice GCP Hacking: