Lesson Plan Title: How to Bypass a Path Based Access Control Scheme

Concept / Topic To Teach:

In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.

General Goal(s):

The user should be able to access a file that is not in the listed directory.