From Directory Traversal to Full Account Takeover: A Researcher’s Journey


Sulman Farooq S

Every vulnerability has a story to tell. While some might dismiss certain bugs as minor or unimportant, an inquisitive mind can dig deeper to uncover their true potential. That’s exactly what happened when I stumbled upon a directory traversal vulnerability in a booking application. What initially seemed like a small find turned into something much bigger — an account takeover that gave me admin-level access to the entire application. Let me walk you through how I connected the dots.

As a security researcher, I’ve often found that vulnerabilities aren’t always what they initially seem. What looks like a harmless bug can sometimes escalate into a serious threat if explored creatively.

This blog is not just a walkthrough of technical steps but a reminder that even the most overlooked vulnerabilities can turn into something impactful. Let’s dive into how curiosity and persistence led me to uncover a critical security issue.

Directory traversal is a vulnerability that occurs when an application fails to properly validate user inputs, allowing attackers to navigate the server’s directory structure and access files or directories outside the intended scope.

Using special characters like ../ or ..\ (dot-dot-slash), attackers can “traverse” the directories to:

- Access sensitive files like logs, configuration files, or backups.
- Read restricted data, including API keys, credentials, or proprietary information.
- Potentially modify or delete important files (depending on the server permissions).

While directory traversal vulnerabilities may not always lead to critical impacts on their own, when combined with sensitive information exposure, they can cause severe damage, as you’ll see in this case.

The application I was testing was a booking platform for managing room, event, and hotel reservations. While browsing through the application, I noticed a sensitive internal directory exposed online. Curious, I decided to dig deeper.

Using directory traversal techniques, I was able to access a folder named runtime, where I could see the logs/ folder. Logs are often overlooked during development, but they can contain invaluable insights. This folder was no exception.

Inside the logs folder, I found detailed application logs that contained sensitive user information. Shockingly, the logs included plain text credentials of users who had logged into the platform.

As I explored further, I struck gold: admin credentials were stored in the logs as well. With these credentials, I was able to log into the application’s admin panel, gaining complete control over the platform.

With admin access, I had the ability to:

- Add, modify, or delete user accounts.
- Change or cancel bookings, impacting room, event, and hotel reservations.
- View sensitive user data stored in the platform.

What started as a seemingly low-priority directory traversal vulnerability had escalated into a high-severity account takeover scenario.

This experience reinforced the importance of investigating the full impact of every vulnerability. Directory traversal on its own might not always seem critical, but the exposed information can be a gateway to much larger exploits.
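The escalation described above depended on the application writing login credentials to its log files in plain text. As an added example (not code from this article or from the tested application), here is a Python logging filter that scrubs credential values before any handler writes them; the key list, logger name and sample log lines are constructed assumptions.

```python
import io
import logging
import re

# Assumed key names (not from the article); extend to match your application's fields.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token", "api_key", "authorization")

# key=value, key: value and JSON "key": "value"; the \w* also catches password_confirm.
# A Bearer/Basic scheme is consumed together with the credential that follows it.
_PAIR = re.compile(
    r'(?i)((?:%s)\w*["\']?\s*[=:]\s*)'
    r'((?:bearer|basic)\s+\S+|"[^"]*"|\'[^\']*\'|[^\s,&;}]+)' % "|".join(SENSITIVE_KEYS)
)

def redact(text):
    """Replace the value of any sensitive key in free text with a marker."""
    return _PAIR.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Scrub credentials from a record before a handler formats and writes it."""
    def filter(self, record):
        # Render %-style args first so values passed as arguments are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def build_logger(stream):
    logger = logging.getLogger("booking.demo")  # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger

def demo():
    """Log constructed sample login events and return what reached the log."""
    stream = io.StringIO()
    log = build_logger(stream)
    log.info("login attempt username=admin password=S3cr3t!pass ip=203.0.113.7")
    log.info("POST /login body=%s", '{"email": "a@example.com", "password": "hunter2"}')
    log.info("Authorization: Bearer abc.def.ghi")
    return stream.getvalue()

if __name__ == "__main__":
    print(demo())
```

Redaction limits what an exposed log can reveal; the log directory itself still needs to sit outside the web root and the traversal flaw still needs fixing.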

- Directory traversal can expose internal files that should remain confidential, such as logs, configuration files, or sensitive documents.
- These files often contain critical data, such as hardcoded credentials, internal paths, or API keys.
- When combined with other issues like poor credential storage or lack of input validation, the impact can escalate dramatically.

- Understand the Vulnerability: Know what directory traversal is and how to exploit it properly.
- Look for Sensitive Files: Focus on folders like logs, config, or backup, which often contain exploitable information.
- Think About Escalation: Even minor vulnerabilities can lead to critical issues when chained with other bugs.
- Practice Responsible Disclosure: Always report vulnerabilities to the affected organization so they can fix the issue.

This journey from directory traversal to account takeover highlights the need to think creatively and explore every possibility during a pentest. Even minor bugs can lead to critical vulnerabilities with the right approach.

To my fellow researchers: don’t overlook any vulnerability, no matter how small it may seem. The rewards of persistence and curiosity are well worth it.

Happy hunting, and may your findings be impactful!

Sulman Farooq S is a passionate cybersecurity enthusiast with over three years of experience in penetration testing and specializes in network, web application, mobile application, and API penetration testing. Follow me on Medium for more insights into cybersecurity and vulnerability assessments.

Until next time, stay curious and keep hunting! 🕵️‍♂️🔍

Support — https://buymeacoffee.com/sulmanfarooq
