|
|
|
|
|
|
by vasuki
1646 days ago
|
|
|
It might be because of path normalization by your http client. For example, with `curl` you will also need to use `--path-as-is` to correctly test traversal. Another reason could be path normalization by the reverse proxy/WAF. > --path-as-is > Tell curl to not handle sequences of /../ or /./ in the given URL path. Normally curl will squash or merge > them according to standards but with >this option set you tell it not to do that. > Added in 7.42.0. |
|
|