A path traversal attack exploits improper handling of filenames in a website's query string.

What would we be looking for during this attack?

Typical browser files like HTML and CSSPrivate files not intended for the browser

Yes! We'd exploit the query string to access files with sensitive data.

Would it be a hack if the files were meant to be seen?