Directory Traversal Attack also known as the ../ (dot dot slash) attack, is an exploit done using "../". This is used to gain access to files and directories which shouldn't otherwise be accessible.

As an example let's consider a PHP script called download.php, which allows anybody to give it an arbitrary path to be able to download files, stored in a specific directory on the server.

In short, say the directory is called files/. Thereby download.php?path=image.png would make you download files/image.png.

The danger is when someone requests download.php?path=../../secrets.txt as the server would simply jump out of the files directory and let the client download the requested file, that shouldn't be accessible.

A simple way to prevent this is to resolve the requested path and check if it's inside the files directory or not.

$base_path = $_SERVER["DOCUMENT_ROOT"] . "/files/";
$real_base = realpath($base_path);

$user_path = $base_path . $_GET["path"];
$real_user_path = realpath($user_path);

if (($real_user_path !== false) && (strncmp($real_user_path, $real_base, strlen($real_base)) === 0))
{
    // This is inside of the "files/" directory
}
else
{
    // This is outside of the "files/" directory
}