A path traversal attack exploits improper handling of filenames in a website's query string.
What would we be looking for during this attack?
Yes! We'd exploit the query string to access files with sensitive data.
Would it be a hack if the files were meant to be seen?