
Hell, I recently saw an application where there was unchecked input for being able to download files outside the application... if you passed it a path of, for example, `../../somefoo-file`, it would take you out of that application's path.


This is called either a Local File Inclusion or a Directory Traversal Vulnerability. The name depends on the details. It's really, really common, and definitely something I see a lot of.

The OWASP Top 10 is deadly.
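The traversal described in this thread, shown as an added example that is not part of either comment and is not the application's code: a download path resolver that joins user input unchecked, next to one that confirms the resolved path stays inside the download directory. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile


def resolve_unsafe(base_dir, requested):
    # Vulnerable pattern: the user-supplied path is joined and never checked.
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir, requested):
    """Return the real path of `requested` under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check below is
    # made on the file that would actually be opened. An absolute `requested`
    # makes os.path.join discard `base`, which the same check also catches.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole path components; a plain startswith() test
    # would accept a sibling such as "files-old" for a base named "files".
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes download directory")
    return target


def is_allowed(base_dir, requested):
    try:
        resolve_safe(base_dir, requested)
        return True
    except ValueError:
        return False


def demo():
    # Constructed layout: <tmp>/app/files is the download root and
    # <tmp>/somefoo-file sits two levels above it, outside the application.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "app", "files")
    os.makedirs(base)
    open(os.path.join(base, "report.txt"), "w").close()
    open(os.path.join(root, "somefoo-file"), "w").close()
    requests = [
        "report.txt",                        # legitimate download
        "../../somefoo-file",                # relative traversal from the thread
        os.path.join(root, "somefoo-file"),  # absolute path supplied directly
        "../files-old/x",                    # sibling sharing the base's prefix
    ]
    return root, base, {r: is_allowed(base, r) for r in requests}


if __name__ == "__main__":
    for request, allowed in demo()[2].items():
        print("ALLOW" if allowed else "DENY ", request)
```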



