| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 16:20:41 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-03-27 16:21:26 +0100 |
| commit | 1deb3f2e6f4a1ddd0760a56794d7ce16232c47c3 (patch) | |
| tree | 3afd8c667515762273573313fdfd627933fc50a6 /Directory traversal/Resources | |
| parent | 642f809226c9e25c22c3c97ee12dadfda945f17a (diff) | |
Add link
Diffstat (limited to 'Directory traversal/Resources')
| -rw-r--r-- | Directory traversal/Resources/notes.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Directory traversal/Resources/notes.md b/Directory traversal/Resources/notes.md index d4068b8..fcecf3a 100644 --- a/Directory traversal/Resources/notes.md +++ b/Directory traversal/Resources/notes.md @@ -5,4 +5,6 @@ ## Fix -The problem is letting users directly input files to be included/read. Such input must be sanitized, with for example a strict list of allowed values, or rejecting input containing `../`. +[https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include]() + +The problem is letting users directly input file names to be included/read. Such input must be sanitized, with for example a strict list of allowed values, or rejecting input containing `../`. |
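Review bot: The link line added under `## Fix` has an empty target: the URL sits in the square brackets and the parentheses are empty (`[...]()`), so it renders as link text that points nowhere. Move the URL into the parentheses with a short label such as "OWASP WSTG: Testing Directory Traversal File Include", or write it as an autolink in angle brackets. On the reworded sentence, "rejecting input containing `../`" is presented as an equal alternative to a strict list of allowed values, but a literal substring check does not cover encoded forms or absolute paths, which do not contain that string. Consider making the allow-list the primary recommendation and, where a path must be accepted, resolving it to its canonical form and checking that it stays under the intended base directory.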
