Firefox Directory Traversal Example.

I thought it would be a good idea to show a fairly simple directory traversal within Firefox. Although they have done some really hard work in protecting from traversing the file system, they forgot one. This is a classic by the way because it is in an encoded form. Normally you would have to type dots and a slash in order to traverse a folder. This time we encode the dot, now it's really hard to exploit this because they won't allow slashes to be entered after it. So this isn't a dangerous thing yet. Still, it is default browser/os behavior to add a slash after it and makes this a valid directory traversal and can be performed remotely. This is not allowed:resource:///../../resource:///../resource:///.. This is allowed and a valid directory traversal which they forgot:resource:///%2e%2eTry this to see the ending slash:view-source:resource:///%2e%2eThat should look like: 300: file:///C:/PROGRA~1/MOZILL~1/../which lands inside the program files directory.