LDAP Injection (CWE: 90) is an attack allowing the attacker to modify LDAP queries. Recently, I encountered a nice LDAP Injection – and I started asking myself why do we hear so little about such vulnerabilities? I would expect the opposite.
Directory Traversal Attacks Directory Traversal (CWE: 22) is usually considered a subset of Path Manipulation (CWE: 73). Directory Traversal, also referred to as Path Traversal, attacks occur by manipulating variables with the ‘../’ (dot-dot-slash is another name this attack sometimes goes by) sequences, and attempt to access directories and files stored in a system. Path Directory