ディレクトリトラバーサル チートシート

Websites that are vulnerable to directory traversal or path traversal can allow personal files to be leaked to attackers.
If this vulnerability is exist on the page after login, the attacker will need to get an account, which reduces the risk of being detected by random attacks by tools.

Suppose you have a function that allows the web server to retrieve the file name from the browser and return the specified file to the browser or display information.
An attacker may be able to gain access to private files by altering the file names that are passed to the server.
The files that can be accessed are limited by the permissions of the web server, but if a critical file can be accessed, it will be a serious incident.

The following file names are a list of common file names that may be retrieved.

As a countermeasure, properly check the characters in the file names retrieved from the browser to ensure that ../ or ..\.

This is a list of file candidates to be acquired by Linux-based directory traversal.
/.atfp_history
/.bash_history
/.bash_logout
/.bash_profile
/.bashrc
/.gtkrc
/.login
/.logout
/.mysql_history
/.nano_history
/.php_history
/.profile
/.ssh/authorized_keys
/.ssh/id_dsa.pub
/.ssh/id_dsa
/.ssh/id_rsa.pub
/.ssh/id_rsa
/.ssh/identity.pub
/.ssh/identity
/.viminfo
/.wm_style
/.Xdefaults
/.xinitrc
/.Xresources
/.xsession
/etc/aliases
/etc/anacrontab
/etc/apache/apache.conf
/etc/apache/httpd.conf
/etc/apache2/apache2.conf
/etc/apache2/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/default_vhost.include
/etc/at.allow
/etc/at.deny
/etc/bashrc
/etc/bootptab
/etc/chrootUsers
/etc/chttp.conf
/etc/cron.allow
/etc/cron.deny
/etc/crontab
/etc/cups/cupsd.conf
/etc/exports
/etc/fstab
/etc/ftpaccess
/etc/ftpchroot
/etc/ftphosts
/etc/group
/etc/groups
/etc/grub.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts
/etc/httpd/access.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/logs/access_log
/etc/httpd/logs/access.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
/etc/httpd/php.ini
/etc/httpd/srm.conf
/etc/inetd.conf
/etc/init.d/apache
/etc/init.d/apache2
/etc/inittab
/etc/issue
/etc/lighttpd.conf
/etc/lilo.conf
/etc/logrotate.d/ftp
/etc/logrotate.d/proftpd
/etc/logrotate.d/vsftpd.log
/etc/lsb-release
/etc/modules.conf
/etc/motd
/etc/mtab
/etc/my.cnf
/etc/my.conf
/etc/mysql/my.cnf
/etc/network/interfaces
/etc/networks
/etc/npasswd
/etc/passwd
/etc/php.ini
/etc/php/apache/php.ini
/etc/php/apache2/php.ini
/etc/php/cgi/php.ini
/etc/php/php.ini
/etc/php/php4/php.ini
/etc/php4.4/fcgi/php.ini
/etc/php4/apache/php.ini
/etc/php4/apache2/php.ini
/etc/php4/cgi/php.ini
/etc/php5/apache/php.ini
/etc/php5/apache2/php.ini
/etc/printcap
/etc/profile
/etc/proftp.conf
/etc/proftpd/proftpd.conf
/etc/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pure-ftpd/putreftpd.pdb
/etc/pureftpd.passwd
/etc/pureftpd.pdb
/etc/redhat-release
/etc/resolv.conf
/etc/samba/smb.conf
/etc/security/environ
/etc/security/group
/etc/security/limits
/etc/security/passwd
/etc/security/user
/etc/shadow
/etc/snmpd.conf
/etc/ssh/ssh_config
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/sshd_config
/etc/sysconfig/network
/etc/syslog.conf
/etc/termcap
/etc/vhcs2/proftpd/proftpd.conf
/etc/vsftpd.chroot_list
/etc/vsftpd.conf
/etc/vsftpd/vsftpd.conf
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftpusers
/home/$USER/.bash_history
/home/$USER/.ssh/id_rsa
/home/apache/conf/httpd.conf
/home/apache/httpd.conf
/logs/pure-ftpd.log
/logs/security_debug_log
/logs/security_log
/opt/apache/conf/httpd.conf
/opt/lampp/etc/httpd.conf
/opt/xampp/etc/php.ini
/proc/cmdline
/proc/cpuinfo
/proc/filesystems
/proc/interrupts
/proc/ioports
/proc/meminfo
/proc/modules
/proc/mounts
/proc/net/arp
/proc/net/route
/proc/net/tcp
/proc/net/udp
/proc/sched_debug
/proc/self/cwd/index.php
/proc/self/cwd/main.py
/proc/self/environ
/proc/self/net/arp
/proc/stat
/proc/swaps
/proc/version
/root/anaconda-ks.cfg
/usr/etc/pure-ftpd.conf
/usr/lib/php.ini
/usr/lib/php/php.ini
/usr/lib/security/mkuser.default
/usr/local/apache/audit_log
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/modsec.conf
/usr/local/apache/conf/php.ini
/usr/local/apache/error_log
/usr/local/apache/error.log
/usr/local/apache/log
/usr/local/apache/logs
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access.log
/usr/local/apache2/conf/httpd.conf
/usr/local/cpanel/logs
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/stats_log
/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log
/usr/local/etc/php.ini
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pureftpd.pdb
/usr/local/lib/php.ini
/usr/local/php/httpd.conf.ini
/usr/local/php/httpd.conf
/usr/local/php/lib/php.ini
/usr/local/php/lib/php.ini
/usr/local/php4/httpd.conf.php
/usr/local/php4/httpd.conf
/usr/local/php4/lib/php.ini
/usr/local/php5/httpd.conf.php
/usr/local/php5/httpd.conf
/usr/local/php5/lib/php.ini
/usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pureftpd.pdn
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/www/logs/httpd_log
/usr/local/Zend/etc/php.ini
/usr/sbin/pure-config.pl
/var/adm/log/xferlog
/var/apache/logs/access_log
/var/apache/logs/error_log
/var/apache2/config.inc
/var/cpanel/cpanel.config
/var/htmp
/var/lib/mysql/my.cnf
/var/lib/mysql/mysql/user.MYD
/var/local/www/conf/php.ini
/var/log/apache-ssl/access.log
/var/log/apache-ssl/error.log
/var/log/apache/access_log
/var/log/apache/error_log
/var/log/apache2/access_log
/var/log/apache2/error_log
/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/vsftpd.log
/var/log/auth.log
/var/log/boot
/var/log/chttp.log
/var/log/cups/error.log
/var/log/daemon.log
/var/log/debug
/var/log/dmesg
/var/log/dpkg.log
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog
/var/log/exim.paniclog
/var/log/exim/mainlog
/var/log/exim/rejectlog
/var/log/faillog
/var/log/ftp-proxy
/var/log/ftp-proxy/ftp-proxy.log
/var/log/ftplog
/var/log/httpd/access_log
/var/log/httpd/access.log
/var/log/httpd/error_log
/var/log/httpd/error.log
/var/log/httpsd/ssl_log
/var/log/httpsd/ssl.access_log
/var/log/kern.log
/var/log/lastlog
/var/log/lighttpd/access.log
/var/log/lighttpd/error.log
/var/log/lighttpd/lighttpd.access.log
/var/log/lighttpd/lighttpd.error.log
/var/log/mail.info
/var/log/mail.log
/var/log/mail.warn
/var/log/maillog
/var/log/message
/var/log/messages
/var/log/sshd.log
/var/log/mysql.log
/var/log/mysql/mysql-bin.log
/var/log/mysql/mysql-slow.log
/var/log/mysql/mysql.log
/var/log/mysqlderror.log
/var/log/proftpd
/var/log/pure-ftpd/pure-ftpd.log
/var/log/pureftpd.log
/var/log/secure
/var/log/vsftpd.log
/var/log/wtmp
/var/log/xferlog
/var/log/yum.log
/var/mysql.log
/var/run/secrets/kubernetes.io/serviceaccount
/var/run/utmp
/var/spool/cron/crontabs/root
/var/webmin/miniserv.log
/var/www/log/access_log
/var/www/log/error_log
/var/www/logs/access_log
/var/www/logs/access.log
/var/www/logs/error_log
/var/www/logs/error.log
~/.atfp_history
~/.bash_history
~/.bash_logout
~/.bash_profile
~/.bashrc
~/.gtkrc
~/.login
~/.logout
~/.mysql_history
~/.nano_history
~/.php_history
~/.profile
~/.ssh/authorized_keys
~/.ssh/id_dsa.pub
~/.ssh/id_dsa
~/.ssh/id_rsa.pub
~/.ssh/id_rsa
~/.ssh/identity.pub
~/.ssh/identity
~/.ssh/known_hosts
~/.ssh/id_rsa.keystore
~/.viminfo
~/.wm_style
~/.Xdefaults
~/.xinitrc
~/.Xresources
~/.xsession
Windows系のディレクトリトラバーサルで取得するファイル候補リストです。
C:/apache/logs/access.log
C:/apache/logs/error.log
C:/apache/php/php.ini
C:/boot.ini
C:/Documents and Settings/Administrator/NTUser.dat
c:/inetpub/logs/logfiles
C:/inetpub/logs/LogFiles/W3SVC1/u_ex[YYMMDD].log
c:/inetpub/wwwroot/global.asa
c:/inetpub/wwwroot/index.asp
c:/inetpub/wwwroot/web.config
C:/MySQL/data/hostname.err
C:/MySQL/data/mysql.err
C:/MySQL/data/mysql.log
C:/MySQL/my.cnf
C:/MySQL/my.ini
C:/php/php.ini
C:/php4/php.ini
C:/php5/php.ini
C:/Program Files (x86)/Apache Group/Apache/conf/access.log
C:/Program Files (x86)/Apache Group/Apache/conf/error.log
C:/Program Files (x86)/Apache Group/Apache/conf/httpd.conf
C:/Program Files (x86)/Apache Group/Apache2/conf/httpd.conf
C:/Program Files (x86)/FileZilla Server/FileZilla Server.xml
C:/Program Files (x86)/xampp/apache/conf/httpd.conf
C:/Program Files/Apache Group/Apache/conf/httpd.conf
C:/Program Files/Apache Group/Apache/logs/access.log
C:/Program Files/Apache Group/Apache/logs/error.log
C:/Program Files/Apache Group/Apache2/conf/httpd.conf
C:/Program Files/FileZilla Server/FileZilla Server.xml
C:/Program Files/MySQL/data/hostname.err
C:/Program Files/MySQL/data/mysql-bin.log
C:/Program Files/MySQL/data/mysql.err
C:/Program Files/MySQL/data/mysql.log
C:/Program Files/MySQL/my.cnf
C:/Program Files/MySQL/my.ini
C:/Program Files/MySQL/MySQL Server 5.0/data/hostname.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log
C:/Program Files/MySQL/MySQL Server 5.0/my.cnf
C:/Program Files/MySQL/MySQL Server 5.0/my.ini
C:/Program Files/MySQL/MySQL Server 5.1/my.ini
c:/sysprep.inf
c:/sysprep.xml
c:/sysprep/sysprep.inf
c:/sysprep/sysprep.xml
c:/system volume information/wpsettings.dat
c:/system32/inetsrv/metabase.xml
c:/unattend.txt
c:/unattend.xml
c:/unattended.txt
c:/unattended.xml
C:/Users/Administrator/NTUser.dat
C:/Windows/debug/NetSetup.log
C:/Windows/Panther/Unattend/Unattended.xml
C:/Windows/Panther/Unattended.xml
C:/WINDOWS/php.ini
C:/WINDOWS/Repair/SAM
C:/Windows/repair/security
C:/Windows/repair/software
C:/Windows/repair/system
C:/Windows/system32/config/AppEvent.Evt
C:/Windows/system32/config/default.sav
C:/Windows/system32/config/regback/default
C:/Windows/system32/config/regback/sam
C:/Windows/system32/config/regback/security
C:/Windows/system32/config/regback/software
C:/Windows/system32/config/regback/system
C:/Windows/system32/config/SecEvent.Evt
C:/Windows/system32/config/security.sav
C:/Windows/system32/config/software.sav
C:/Windows/system32/config/system.sav
C:/WINDOWS/System32/drivers/etc/hosts
C:/Windows/System32/inetsrv/config/applicationHost.config
C:/Windows/System32/inetsrv/config/schema/ASPNET_schema.xml
C:/Windows/win.ini
C:/WINNT/php.ini
C:/WINNT/win.ini
C:/xampp/apache/bin/php.ini
C:/xampp/apache/logs/access.log
C:/xampp/apache/logs/error.log